Vulnerability CVE-2010-0620

Vulnerability Name:

CVE-2010-0620 (CCN-56502)

Assigned:

2010-02-23

Published:

2010-02-23

Updated:

2018-10-10

Summary:

Directory traversal vulnerability in the SSL Service in EMC HomeBase Server 6.2.x before 6.2.3 and 6.3.x before 6.3.2 allows remote attackers to overwrite arbitrary files with any content, and consequently execute arbitrary code, via a .. (dot dot) in an unspecified parameter.
Per: http://seclists.org/bugtraq/2010/Feb/222

Affected products:

EMC HomeBase Server version 6.2.x

EMC HomeBase Server version 6.3.x

CVSS v3 Severity:

6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.7 High (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

5.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P)
4.8 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P/E:F/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-22

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2010-0620

Source: CCN
Type: SA38660
EMC HomeBase Server Directory Traversal Vulnerability

Source: SREASON
Type: UNKNOWN
8230

Source: CCN
Type: EMC Web site
HomeBase

Source: CCN
Type: OSVDB ID: 62538
EMC HomeBase Server SSL Service Traversal File Upload Unspecified Arbitrary Code Execution

Source: BUGTRAQ
Type: UNKNOWN
20100224 ESA-2010-003: EMC HomeBase Server Arbitrary File Upload Vulnerability

Source: BID
Type: Exploit
38380

Source: CCN
Type: BID-38380
EMC HomeBase Server Directory Traversal Remote Code Execution Vulnerability

Source: VUPEN
Type: Vendor Advisory
ADV-2010-0458

Source: MISC
Type: UNKNOWN
http://www.zerodayinitiative.com/advisories/ZDI-10-020/

Source: XF
Type: UNKNOWN
homebase-ssl-directory-traversal(56502)

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [04-27-2011]

Source: CCN
Type: ZDI-10-020
EMC HomeBase SSL Service Arbitrary File Upload Remote Code Execution Vulnerability

Vulnerable Configuration:

Configuration 1:

cpe:/a:emc:homebase_server:6.2:*:*:*:*:*:*:*

OR cpe:/a:emc:homebase_server:6.3:*:*:*:*:*:*:*

Denotes that component is vulnerable

BACK