CVE

Id
31723  
CVE No.
CVE-2008-1606  
Status
Candidate  
Description
Multiple directory traversal vulnerabilities in Elastic Path (EP) 4.1 and 4.1.1 allow remote attackers to (1) download arbitrary files via a .. (dot dot) in the file parameter to manager/getImportFileRedirect.jsp, (2) upload arbitrary files via a ".." (dot dot backslash) in the file parameter to importData.jsp, and (3) list directory contents via a .. (dot dot) in the dir parameter to manager/fileManager.jsp.  
Phase
Assigned (20080401)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
341067 31723 CVE-2008-1606 MISC:http://weblog.nomejortu.com/?p=37  View
341068 31723 CVE-2008-1606 MISC:http://www.mwrinfosecurity.com/publications/mwri_elastic-path-arbitrary-file-system-access_2008-02-22.pdf  View
341069 31723 CVE-2008-1606 CONFIRM:http://developer.elasticpath.com/entry!default.jspa?categoryID=4&externalID=1334  View
341070 31723 CVE-2008-1606 BID:28352  View
341071 31723 CVE-2008-1606 URL:http://www.securityfocus.com/bid/28352  View
341072 31723 CVE-2008-1606 SECUNIA:29496  View
341073 31723 CVE-2008-1606 URL:http://secunia.com/advisories/29496  View
341074 31723 CVE-2008-1606 XF:elasticpath-pathdir-directory-traversal(41364)  View
341075 31723 CVE-2008-1606 URL:http://xforce.iss.net/xforce/xfdb/41364  View
341076 31723 CVE-2008-1606 XF:elasticpath-multiple-directory-traversal(41356)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
50333 JVNDB-2008-005643 TallSoft Quick TFTP Server Pro におけるスタックベースのバッファオーバーフローの脆弱性 TallSoft Quick TFTP Server Pro には、スタックベースのバッファオーバーフローの脆弱性が存在します。 CVE-2008-1610 31723 7.5 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-005643.html  View