Vulnerability Details CVE-2010-3306
Directory traversal vulnerability in the modURL function in instance.c in Weborf before 0.12.3 allows remote attackers to read arbitrary files via ..%2f sequences in a URI.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.064
EPSS Ranking 90.6%
CVSS Severity
CVSS v2 Score 5.0
References
- http://code.google.com/p/weborf/source/detail?r=464
- http://galileo.dmi.unict.it/wiki/weborf/doku.php?id=news:released_0.12.3
- http://secunia.com/advisories/41286
- http://www.exploit-db.com/exploits/14925/
- http://www.openwall.com/lists/oss-security/2010/09/17/3
- http://www.openwall.com/lists/oss-security/2010/09/17/8
- http://www.osvdb.org/67840
- http://code.google.com/p/weborf/source/detail?r=464
- http://galileo.dmi.unict.it/wiki/weborf/doku.php?id=news:released_0.12.3
- http://secunia.com/advisories/41286
- http://www.exploit-db.com/exploits/14925/
- http://www.openwall.com/lists/oss-security/2010/09/17/3
- http://www.openwall.com/lists/oss-security/2010/09/17/8
- http://www.osvdb.org/67840
Products affected by CVE-2010-3306
-
cpe:2.3:a:salvo_g._tomaselli:weborf:*
-
cpe:2.3:a:salvo_g._tomaselli:weborf:0.10
-
cpe:2.3:a:salvo_g._tomaselli:weborf:0.11
-
cpe:2.3:a:salvo_g._tomaselli:weborf:0.12
-
cpe:2.3:a:salvo_g._tomaselli:weborf:0.12.1
-
cpe:2.3:a:salvo_g._tomaselli:weborf:0.3
-
cpe:2.3:a:salvo_g._tomaselli:weborf:0.4
-
cpe:2.3:a:salvo_g._tomaselli:weborf:0.5
-
cpe:2.3:a:salvo_g._tomaselli:weborf:0.6
-
cpe:2.3:a:salvo_g._tomaselli:weborf:0.7
-
cpe:2.3:a:salvo_g._tomaselli:weborf:0.8
-
cpe:2.3:a:salvo_g._tomaselli:weborf:0.9