Vulnerability Name:
CVE-2010-0287 (CCN-55660)
Assigned:
2010-01-14
Published:
2010-01-14
Updated:
2019-09-23
Summary:
Directory traversal vulnerability in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to list the contents of arbitrary directories via a .. (dot dot) in the ns parameter.
CVSS v3 Severity:
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope:
Scope (S):
Unchanged
Impact Metrics:
Confidentiality (C):
Low
Integrity (I):
None
Availability (A):
None
CVSS v2 Severity:
5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
4.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
Partial
Integrity (I):
None
Availability (A):
None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
4.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
Partial
Integrity (I):
None
Availability (A):
None
Vulnerability Type:
CWE-22
Vulnerability Consequences:
Obtain Information
References:
Source: CONFIRM
Type: UNKNOWN
http://bugs.splitbrain.org/index.php?do=details&task_id=1847
Source: MITRE
Type: CNA
CVE-2010-0287
Source: FEDORA
Type: UNKNOWN
FEDORA-2010-0770
Source: FEDORA
Type: UNKNOWN
FEDORA-2010-0800
Source: CCN
Type: SA38183
DokuWiki Multiple Vulnerabilities
Source: SECUNIA
Type: Vendor Advisory
38183
Source: GENTOO
Type: UNKNOWN
GLSA-201301-07
Source: DEBIAN
Type: UNKNOWN
DSA-1976
Source: DEBIAN
Type: DSA-1976
dokuwiki -- several vulnerabilities
Source: EXPLOIT-DB
Type: UNKNOWN
11141
Source: CCN
Type: OSVDB ID: 61709
DokuWiki lib/plugins/acl/ajax.php ns Parameter Traversal Arbitrary Directory Listing
Source: BID
Type: UNKNOWN
37821
Source: CCN
Type: BID-37821
DokuWiki File Enumeration Information Disclosure Vulnerability
Source: CONFIRM
Type: UNKNOWN
http://www.splitbrain.org/blog/2010-01/17-dokuwiki-security
Source: CCN
Type: DokuWiki Web site
DokuWiki
Source: VUPEN
Type: UNKNOWN
ADV-2010-0150
Source: XF
Type: UNKNOWN
dokuwiki-ajax-dir-traversal(55660)
Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [01-14-2010]
Vulnerable Configuration:
Configuration 1:
cpe:/a:dokuwiki:dokuwiki:2004-07-04:*:*:*:*:*:*:*
OR
cpe:/a:dokuwiki:dokuwiki:2004-07-07:*:*:*:*:*:*:*
OR
cpe:/a:dokuwiki:dokuwiki:2004-07-12:*:*:*:*:*:*:*
OR
cpe:/a:dokuwiki:dokuwiki:2004-07-21:*:*:*:*:*:*:*
OR
cpe:/a:dokuwiki:dokuwiki:2004-07-25:*:*:*:*:*:*:*
OR
cpe:/a:dokuwiki:dokuwiki:2004-08-08:*:*:*:*:*:*:*
OR
cpe:/a:dokuwiki:dokuwiki:2004-08-15a:*:*:*:*:*:*:*
OR
cpe:/a:dokuwiki:dokuwiki:2004-08-22:*:*:*:*:*:*:*
OR
cpe:/a:dokuwiki:dokuwiki:2004-09-12:*:*:*:*:*:*:*
OR
cpe:/a:dokuwiki:dokuwiki:2004-09-25:*:*:*:*:*:*:*
OR
cpe:/a:dokuwiki:dokuwiki:2004-09-30:*:*:*:*:*:*:*
OR
cpe:/a:dokuwiki:dokuwiki:2004-11-01:*:*:*:*:*:*:*
OR
cpe:/a:dokuwiki:dokuwiki:2004-11-02:*:*:*:*:*:*:*
OR
cpe:/a:dokuwiki:dokuwiki:2004-11-10:*:*:*:*:*:*:*
OR
cpe:/a:dokuwiki:dokuwiki:2005-01-14:*:*:*:*:*:*:*
OR
cpe:/a:dokuwiki:dokuwiki:2005-01-15:*:*:*:*:*:*:*
OR
cpe:/a:dokuwiki:dokuwiki:2005-01-16a:*:*:*:*:*:*:*
OR
cpe:/a:dokuwiki:dokuwiki:2005-02-06:*:*:*:*:*:*:*
OR
cpe:/a:dokuwiki:dokuwiki:2005-02-18:*:*:*:*:*:*:*
OR
cpe:/a:dokuwiki:dokuwiki:2005-05-07:*:*:*:*:*:*:*
OR
cpe:/a:dokuwiki:dokuwiki:2005-07-01:*:*:*:*:*:*:*
OR
cpe:/a:dokuwiki:dokuwiki:2005-07-13:*:*:*:*:*:*:*
OR
cpe:/a:dokuwiki:dokuwiki:2005-09-19:*:*:*:*:*:*:*
OR
cpe:/a:dokuwiki:dokuwiki:2005-09-22:*:*:*:*:*:*:*
OR
cpe:/a:dokuwiki:dokuwiki:2006-03-05:*:*:*:*:*:*:*
OR
cpe:/a:dokuwiki:dokuwiki:2006-03-09:*:*:*:*:*:*:*
OR
cpe:/a:dokuwiki:dokuwiki:2006-03-09e:*:*:*:*:*:*:*
OR
cpe:/a:dokuwiki:dokuwiki:2006-06-04:*:*:*:*:*:*:*
OR
cpe:/a:dokuwiki:dokuwiki:*:*:*:*:*:*:*:*
(Version <= release_2009-02-14)
Denotes that component is vulnerable
Oval Definitions
Definition ID | Class | Title | Last Modified
oval:org.mitre.oval:def:20271 | P | DSA-1976-1 dokuwiki - several vulnerabilities | 2014-06-23
oval:org.mitre.oval:def:6751 | P | DSA-1976 dokuwiki -- several vulnerabilities | 2014-06-23
oval:com.ubuntu.artful:def:20100287000 | V | CVE-2010-0287 on Ubuntu 17.10 (artful) - medium. | 2010-02-15
oval:com.ubuntu.xenial:def:20100287000 | V | CVE-2010-0287 on Ubuntu 16.04 LTS (xenial) - medium. | 2010-02-15
oval:com.ubuntu.bionic:def:201002870000000 | V | CVE-2010-0287 on Ubuntu 18.04 LTS (bionic) - medium. | 2010-02-15
oval:com.ubuntu.bionic:def:20100287000 | V | CVE-2010-0287 on Ubuntu 18.04 LTS (bionic) - medium. | 2010-02-15
oval:com.ubuntu.xenial:def:201002870000000 | V | CVE-2010-0287 on Ubuntu 16.04 LTS (xenial) - medium. | 2010-02-15
oval:com.ubuntu.precise:def:20100287000 | V | CVE-2010-0287 on Ubuntu 12.04 LTS (precise) - medium. | 2010-02-15
oval:com.ubuntu.trusty:def:20100287000 | V | CVE-2010-0287 on Ubuntu 14.04 LTS (trusty) - medium. | 2010-02-15
oval:org.debian:def:1976 | V | several vulnerabilities | 2010-01-22
dokuwiki
dokuwiki 2004-07-04
dokuwiki
dokuwiki 2004-07-07
dokuwiki
dokuwiki 2004-07-12
dokuwiki
dokuwiki 2004-07-21
dokuwiki
dokuwiki 2004-07-25
dokuwiki
dokuwiki 2004-08-08
dokuwiki
dokuwiki 2004-08-15a
dokuwiki
dokuwiki 2004-08-22
dokuwiki
dokuwiki 2004-09-12
dokuwiki
dokuwiki 2004-09-25
dokuwiki
dokuwiki 2004-09-30
dokuwiki
dokuwiki 2004-11-01
dokuwiki
dokuwiki 2004-11-02
dokuwiki
dokuwiki 2004-11-10
dokuwiki
dokuwiki 2005-01-14
dokuwiki
dokuwiki 2005-01-15
dokuwiki
dokuwiki 2005-01-16a
dokuwiki
dokuwiki 2005-02-06
dokuwiki
dokuwiki 2005-02-18
dokuwiki
dokuwiki 2005-05-07
dokuwiki
dokuwiki 2005-07-01
dokuwiki
dokuwiki 2005-07-13
dokuwiki
dokuwiki 2005-09-19
dokuwiki
dokuwiki 2005-09-22
dokuwiki
dokuwiki 2006-03-05
dokuwiki
dokuwiki 2006-03-09
dokuwiki
dokuwiki 2006-03-09e
dokuwiki
dokuwiki 2006-06-04
dokuwiki
dokuwiki *