NVD

Id
1549  
Name
CVE-2008-1606  
Description
Multiple directory traversal vulnerabilities in Elastic Path (EP) 4.1 and 4.1.1 allow remote attackers to (1) download arbitrary files via a .. (dot dot) in the file parameter to manager/getImportFileRedirect.jsp, (2) upload arbitrary files via a ".." (dot dot backslash) in the file parameter to importData.jsp, and (3) list directory contents via a .. (dot dot) in the dir parameter to manager/fileManager.jsp.  
Reject
 
CVSS Version
2  
CVSS Score
6  
Severity
Medium  
CVSS Base Score
6  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
6.8  
CVSS Vector
(AV:N/AC:M/Au:S/C:P/I:P/A:P)  
Pub Date
2017-01-03  
Published
2008-04-01  
Modified Date
2011-03-07  
Seq
2008-1606  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
10049 1549 CVE-2008-1606 http://developer.elasticpath.com/entry!default.jspa?categoryID=4&externalID=1334  View
10050 1549 CVE-2008-1606 http://weblog.nomejortu.com/?p=37  View
10051 1549 CVE-2008-1606 http://www.mwrinfosecurity.com/publications/mwri_elastic-path-arbitrary-file-system-access_2008-02-22.pdf  View
10052 1549 CVE-2008-1606 28352  View
10053 1549 CVE-2008-1606 elastic-path-multiple-directory-traversal(41356)  View
10054 1549 CVE-2008-1606 elasticpath-pathdir-directory-traversal(41364)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
47594 JVNDB-2008-002904 EP におけるディレクトリトラバーサルの脆弱性 Elastic Path (EP) には、ディレクトリトラバーサルの脆弱性が存在します。 CVE-2008-1606 31719 CVE-2008-1606 1549 6 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002904.html 2008-04-01 2012-06-26 View