Vulnerability Name:

CVE-2004-2493 (CCN-18278)

Assigned:2004-11-29
Published:2004-11-29
Updated:2017-07-11
Summary:Directory traversal vulnerability in Groupmax World Wide Web (GmaxWWW) 2 and 3, and Desktop 5, 6, and Desktop for Jichitai allows remote authenticated users to read arbitrary .html files via the template name parameter.
CVSS v3 Severity:3.5 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2004-2493

Source: CCN
Type: SA13321
Groupmax World Wide Web Cross-Site Scripting and Directory Traversal

Source: SECUNIA
Type: UNKNOWN
13321

Source: CCN
Type: Hitachi Vulnerability Information HS04-007
Vulnerabilities in Cross-site Scripting and Directory Traversal of Groupmax World Wide Web and Groupmax World Wide Web Desktop

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.hitachi-support.com/security_e/vuls_e/HS04-007_e/01-e.html

Source: CCN
Type: Groupmax Web page
Middleware & Platform Software

Source: OSVDB
Type: UNKNOWN
12153

Source: CCN
Type: OSVDB ID: 12153
Hitachi Groupmax Traversal Arbitrary HTML File Access

Source: BID
Type: UNKNOWN
11773

Source: CCN
Type: BID-11773
Groupmax World Wide Web Cross-Site Scripting And Directory Traversal Vulnerabilities

Source: XF
Type: UNKNOWN
groupmax-directory-traversal(18278)

Source: XF
Type: UNKNOWN
groupmax-directory-traversal(18278)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:hitachi:groupmax_world_wide_web:2:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_world_wide_web:02_00:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_world_wide_web:02_20:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_world_wide_web:02_20_a:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_world_wide_web:02_31_i:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_world_wide_web:3:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_world_wide_web:03_00:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_world_wide_web:03_10_h:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_world_wide_web:03_11_b:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_world_wide_web_desktop:5:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_world_wide_web_desktop:05_00:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_world_wide_web_desktop:05_11_f:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_world_wide_web_desktop:05_11_i:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_world_wide_web_desktop:05_11_j:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_world_wide_web_desktop:6:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_world_wide_web_desktop:06_00:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_world_wide_web_desktop:06_50_b:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_world_wide_web_desktop:06_50_c:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_world_wide_web_desktop:06_51:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_world_wide_web_desktop:06_51:*:jichitai:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_world_wide_web_desktop:06_51_b:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_world_wide_web_desktop:06_51_c:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_world_wide_web_desktop:06_52:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_world_wide_web_desktop:06_52:*:jichitai:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_world_wide_web_desktop:06_52_b:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_world_wide_web_desktop:gold:*:jichitai:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:hitachi:groupmax_world_wide_web_desktop:5:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_world_wide_web_desktop:6:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_world_wide_web_desktop:06_51::jichitai:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_world_wide_web:2:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_world_wide_web:3:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    hitachi groupmax world wide web 2
    hitachi groupmax world wide web 02_00
    hitachi groupmax world wide web 02_20
    hitachi groupmax world wide web 02_20_a
    hitachi groupmax world wide web 02_31_i
    hitachi groupmax world wide web 3
    hitachi groupmax world wide web 03_00
    hitachi groupmax world wide web 03_10_h
    hitachi groupmax world wide web 03_11_b
    hitachi groupmax world wide web desktop 5
    hitachi groupmax world wide web desktop 05_00
    hitachi groupmax world wide web desktop 05_11_f
    hitachi groupmax world wide web desktop 05_11_i
    hitachi groupmax world wide web desktop 05_11_j
    hitachi groupmax world wide web desktop 6
    hitachi groupmax world wide web desktop 06_00
    hitachi groupmax world wide web desktop 06_50_b
    hitachi groupmax world wide web desktop 06_50_c
    hitachi groupmax world wide web desktop 06_51
    hitachi groupmax world wide web desktop 06_51
    hitachi groupmax world wide web desktop 06_51_b
    hitachi groupmax world wide web desktop 06_51_c
    hitachi groupmax world wide web desktop 06_52
    hitachi groupmax world wide web desktop 06_52
    hitachi groupmax world wide web desktop 06_52_b
    hitachi groupmax world wide web desktop gold
    hitachi groupmax world wide web desktop 5
    hitachi groupmax world wide web desktop 6
    hitachi groupmax world wide web desktop 06_51
    hitachi groupmax world wide web 2
    hitachi groupmax world wide web 3