Vulnerability Name: CVE-2008-0396 (CCN-39802)
Assigned: 2008-01-19
Published: 2008-01-19
Updated: 2018-10-15
Summary: Directory traversal vulnerability in BitDefender Update Server (http.exe), as used in BitDefender products including Security for Fileservers and Enterprise Manager (BDEM), allows remote attackers to read arbitrary files via .. (dot dot) sequences in an HTTP request.
CVSS v3 Severity:
  5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVSS v2 Severity:
  7.8 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N)
  6.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N/E:H/RL:OF/RC:C)
  3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C)
Vulnerability Type: CWE-22
Vulnerability Consequences: Gain Access
References:
  Source: CCN Type: BugTraq Mailing List, Sat Jan 19 2008 - 05:41:58 CST BitDefender Update Server - Unauthorized Remote File Access Vulnerability
  Source: MITRE Type: CNA CVE-2008-0396
  Source: MISC Type: UNKNOWN http://oliver.greyhat.de/2008/01/19/bitdefender-unauthorized-remote-file-access-vulnerability/
  Source: CCN Type: SA28578 BitDefender Update Server HTTP Server Directory Traversal Vulnerability
  Source: SECUNIA Type: Vendor Advisory 28578
  Source: SREASON Type: UNKNOWN 3568
  Source: CCN Type: BitDefender Web site BitDefender Update Server
  Source: MISC Type: Exploit http://www.oliverkarow.de/research/bitdefender.txt
  Source: CCN Type: OSVDB ID: 40518 BitDefender Update Server HTTP Request Traversal Arbitrary File Access
  Source: BUGTRAQ Type: UNKNOWN 20080119 BitDefender Update Server - Unauthorized Remote File Access Vulnerability
  Source: BID Type: Exploit 27358
  Source: CCN Type: BID-27358 BitDefender Products Update Server HTTP Daemon Directory Traversal Vulnerability
  Source: VUPEN Type: UNKNOWN ADV-2008-0213
  Source: XF Type: UNKNOWN bitdefender-http-server-directory-traversal(39802)
Vulnerable Configuration: Configuration 1: Denotes that component is vulnerable