Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-4696

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2011-4696
Last Modified 04 Mar 2014 11:01:22
Published 03 Mar 2014 11:55:03
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector ADJACENT_NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-4696

Summary

Directory traversal vulnerability in Eye-Fi Helper before 3.4.23 allows man-in-the-middle attackers to create arbitrary files via a .. (dot dot) in the filesignature in a GetPhotoStatus request.

Vulnerable Systems

Application

  • Eye-fi Helper 2.0.3.0

  • Eye-fi Helper 2.0.4.0

  • Eye-fi Helper 2.5.1.0

  • Eye-fi Helper 2.5.26.0

  • Eye-fi Helper 2.5.27.0

  • Eye-fi Helper 2.5.4.0

  • Eye-fi Helper 2.5.5.0

  • Eye-fi Helper 2.6.0.0

  • Eye-fi Helper 2.6.12.0

  • Eye-fi Helper 2.6.9.0

  • Eye-fi Helper 3.1.2

  • Eye-fi Helper 3.1.9

  • Eye-fi Helper 3.2.2

  • Eye-fi Helper 3.3.0


References

XF - eyefihelper-getphotostatus-dir-traversal(80995)

BID - 57163

MISC - http://www.pentest.co.uk/documents/ptl-2013-01.html


Last Updated: 27 May 2016 11:04:32