CVE-2010-2627

Опубликовано: 02 июл. 2010

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

Multiple directory traversal vulnerabilities in the Refractor 2 engine, as used in Battlefield 2 1.50 (1.5.3153-802.0) and earlier, and Battlefield 2142 (1.10.48.0) and earlier, allow remote servers to overwrite arbitrary files on the client via ".." (dot dot backslash) sequences in URLs for the (1) sponsor or (2) community logos, and other URLs related to (3) DemoDownloadURL, (4) DemoIndexURL and (5) CustomMapsURL.

Ссылки

http://aluigi.altervista.org/adv/bf2urlz-adv.txt
http://osvdb.org/65863
Exploit
http://secunia.com/advisories/40334
Vendor Advisory
http://www.securityfocus.com/bid/41262
http://aluigi.altervista.org/adv/bf2urlz-adv.txt
http://osvdb.org/65863
Exploit
http://secunia.com/advisories/40334
Vendor Advisory
http://www.securityfocus.com/bid/41262

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ea:battlefield_2:*:*:*:*:*:*:*:*

Версия до 2.1.50 (включая)

cpe:2.3:a:ea:battlefield_2142:*:*:*:*:*:*:*:*

Версия до 1.10.48.0 (включая)

EPSS

Процентиль: 75%

0.00914

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-p5gp-p59f-xww7

github

больше 3 лет назад

Multiple directory traversal vulnerabilities in the Refractor 2 engine, as used in Battlefield 2 1.50 (1.5.3153-802.0) and earlier, and Battlefield 2142 (1.10.48.0) and earlier, allow remote servers to overwrite arbitrary files on the client via "..\" (dot dot backslash) sequences in URLs for the (1) sponsor or (2) community logos, and other URLs related to (3) DemoDownloadURL, (4) DemoIndexURL and (5) CustomMapsURL.