Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0396

Overview

Vulnerability Score 7.8 7.8
CVE Id CVE-2008-0396
Last Modified 07 Mar 2011 10:04:38
Published 23 Jan 2008 07:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-0396

Summary

Directory traversal vulnerability in BitDefender Update Server (http.exe), as used in BitDefender products including Security for Fileservers and Enterprise Manager (BDEM), allows remote attackers to read arbitrary files via .. (dot dot) sequences in an HTTP request.

Vulnerable Systems

Application

  • Bitdefender Update Server


References

XF - bitdefender-http-server-directory-traversal(39802)

VUPEN - ADV-2008-0213

BID - 27358

BUGTRAQ - 20080119 BitDefender Update Server - Unauthorized Remote File Access Vulnerability

MISC - http://www.oliverkarow.de/research/bitdefender.txt

SECUNIA - 28578

MISC - http://oliver.greyhat.de/2008/01/19/bitdefender-unauthorized-remote-file-access-vulnerability/

SREASON - 3568


Last Updated: 27 May 2016 10:46:47