Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2007-5685
Last Modified: 15 Nov 2008 02:01:50
Published: 28 Oct 2007 01:08:00
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

Summary

The safe_path function in shttp before 0.0.5 allows remote attackers to conduct directory traversal attacks and read files via a combination of ".." and sub-directory specifiers that resolve to a pathname that is at or below the same level as the web document root, but in a different part of the directory tree.

Vulnerable Systems

Application

  • Serverkit Shttp 0.0.4


References

MISC - http://www.digineo.co.uk/shttp_directory_traversal

CONFIRM - http://serverkit.org/modules/contrib/shttp/shttp-0.0.5.tar.gz

BID - 26212

BUGTRAQ - 20071025 Directory traversal flaw in shttp

OSVDB - 43607

XF - shttp-safepath-directory-traversal(37455)


Last Updated: 27 May 2016 10:46:14