[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248149

 
 

909

 
 

194803

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2011-1688Date: (C)2011-04-22   (M)2023-12-22


Directory traversal vulnerability in Best Practical Solutions RT 3.2.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allows remote attackers to read arbitrary files via a crafted HTTP request.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
SECUNIA-44189
BID-47383
ADV-2011-1071
DSA-2220
http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000189.html
http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html
http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html
http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html
https://bugzilla.redhat.com/show_bug.cgi?id=696795
rt-unspecified-dir-traversal(66795)

CPE    47
cpe:/a:bestpractical:rt:3.8.6:rc1
cpe:/a:bestpractical:rt:3.6.10
cpe:/a:bestpractical:rt:3.8.9:rc1
cpe:/a:bestpractical:rt:3.8.9:rc2
...
CWE    1
CWE-22
OVAL    1
oval:org.secpod.oval:def:600543

© SecPod Technologies