Vulnerability Name:

CVE-2008-1606

Assigned:2008-03-20
Published:2008-03-20
Updated:2017-08-07
Summary:Multiple directory traversal vulnerabilities in Elastic Path (EP) 4.1 and 4.1.1 allow remote attackers to (1) download arbitrary files via a .. (dot dot) in the file parameter to manager/getImportFileRedirect.jsp, (2) upload arbitrary files via a "..\" (dot dot backslash) in the file parameter to importData.jsp, and (3) list directory contents via a .. (dot dot) in the dir parameter to manager/fileManager.jsp.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:6.0 Medium (CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P)
5.2 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
4.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-22
(ALLOWS_OTHER_ACCESS)
References:Source: CONFIRM
Type: UNKNOWN
http://developer.elasticpath.com/entry!default.jspa?categoryID=4&externalID=1334

Source: MISC
Type: UNKNOWN
http://weblog.nomejortu.com/?p=37

Source: MISC
Type: UNKNOWN
http://www.mwrinfosecurity.com/publications/mwri_elastic-path-arbitrary-file-system-access_2008-02-22.pdf

Source: BID
Type: UNKNOWN
28352

Source: XF
Type: UNKNOWN
elasticpath-multiple-directory-traversal(41356)

Source: XF
Type: UNKNOWN
elasticpath-pathdir-directory-traversal(41364)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:elastic_path:elastic_path:4.1:*:*:*:*:*:*:*
  • OR cpe:/a:elastic_path:elastic_path:4.1.1:*:*:*:*:*:*:*

  • Denotes that component is vulnerable
    BACK
    elastic_path elastic path 4.1
    elastic_path elastic path 4.1.1