Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.4
CVE Id CVE-2012-1617
Last Modified 26 Sep 2012 12:00:00
Published 25 Sep 2012 08:55:01
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-1617

Summary

Directory traversal vulnerability in combine.php in OSClass before 2.3.6 allows remote attackers to read and write arbitrary files via a .. (dot dot) in the type parameter. NOTE: this vulnerability can be leveraged to upload arbitrary files.

Vulnerable Systems

Application

  • Juan Ramon Osclass 1.1

  • Juan Ramon Osclass 1.2

  • Juan Ramon Osclass 2.0

  • Juan Ramon Osclass 2.0.1

  • Juan Ramon Osclass 2.0.2

  • Juan Ramon Osclass 2.0.3

  • Juan Ramon Osclass 2.1

  • Juan Ramon Osclass 2.1.1

  • Juan Ramon Osclass 2.2

  • Juan Ramon Osclass 2.2.1

  • Juan Ramon Osclass 2.2.2

  • Juan Ramon Osclass 2.2.3

  • Juan Ramon Osclass 2.3

  • Juan Ramon Osclass 2.3.1

  • Juan Ramon Osclass 2.3.2

  • Juan Ramon Osclass 2.3.3

  • Juan Ramon Osclass 2.3.4

  • Juan Ramon Osclass 2.3.5


References

CONFIRM - https://github.com/osclass/OSClass/commit/ff7ef8a97301aaaf6a97fe46c2c27981a86b4e2f#diff-1

CONFIRM - https://github.com/osclass/OSClass/commit/a40b76695994442644e46e1b776d79660500566a

CONFIRM - https://github.com/osclass/OSClass/commit/1e7626f4e1a26371480989c0b937f107ea9a6d4b

XF - osclass-file-upload(73755)

XF - osclass-directory-traversal(73754)

BID - 52336

MLIST - [oss-security] 20120404 Re: CVE request: OSClass directory traversal vulnerability

MLIST - [oss-security] 20120403 Re: CVE request: OSClass directory traversal vulnerability

MLIST - [oss-security] 20120402 Re: CVE request: OSClass directory traversal vulnerability

MLIST - [oss-security] 20120402 CVE request: OSClass directory traversal vulnerability

MISC - http://www.codseq.it/advisories/osclass_directory_traversal_vulnerability

SECUNIA - 48284

CONFIRM - http://osclass.org/2012/03/05/osclass-2-3-6/

BUGTRAQ - 20120307 OSClass directory traversal (leads to arbitrary file upload)


Last Updated: 27 May 2016 11:00:48