Vulnerability Details CVE-2004-2640
Directory traversal vulnerability in lstat.cgi in LinuxStat before 2.3.1 allows remote attackers to read arbitrary files via (1) .. (dot dot) sequences or (2) absolute paths to the template parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.118
EPSS Ranking 93.5%
CVSS Severity
CVSS v2 Score 5.0
References
- http://secunia.com/advisories/12963
- http://securitytracker.com/id?1011920
- http://sourceforge.net/project/shownotes.php?release_id=277371
- http://www.osvdb.org/11103
- http://www.securityfocus.com/bid/11517
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17833
- http://secunia.com/advisories/12963
- http://securitytracker.com/id?1011920
- http://sourceforge.net/project/shownotes.php?release_id=277371
- http://www.osvdb.org/11103
- http://www.securityfocus.com/bid/11517
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17833
Products affected by CVE-2004-2640
-
cpe:2.3:a:ryszard_pydo:linuxstat:0.90
-
cpe:2.3:a:ryszard_pydo:linuxstat:0.94
-
cpe:2.3:a:ryszard_pydo:linuxstat:2.0
-
cpe:2.3:a:ryszard_pydo:linuxstat:2.0_beta
-
cpe:2.3:a:ryszard_pydo:linuxstat:2.0_beta2
-
cpe:2.3:a:ryszard_pydo:linuxstat:2.1
-
cpe:2.3:a:ryszard_pydo:linuxstat:2.2
-
cpe:2.3:a:ryszard_pydo:linuxstat:2.3