Vulnerability Details CVE-2015-3297
Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.1 through 1.5.2 allows remote attackers to read arbitrary files by leveraging replacement of backslashes with slashes in the path parameter of HTTP API requests.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.038
EPSS Ranking 87.6%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://www.openwall.com/lists/oss-security/2015/04/11/1
- http://www.openwall.com/lists/oss-security/2015/04/12/1
- http://www.securityfocus.com/bid/74056
- https://github.com/ether/etherpad-lite/commit/9d4e5f6
- http://www.openwall.com/lists/oss-security/2015/04/11/1
- http://www.openwall.com/lists/oss-security/2015/04/12/1
- http://www.securityfocus.com/bid/74056
- https://github.com/ether/etherpad-lite/commit/9d4e5f6
Products affected by CVE-2015-3297
-
cpe:2.3:a:etherpad:etherpad:1.1.1
-
cpe:2.3:a:etherpad:etherpad:1.1.2
-
cpe:2.3:a:etherpad:etherpad:1.1.3
-
cpe:2.3:a:etherpad:etherpad:1.1.4
-
cpe:2.3:a:etherpad:etherpad:1.1.5
-
cpe:2.3:a:etherpad:etherpad:1.2.0
-
cpe:2.3:a:etherpad:etherpad:1.2.1
-
cpe:2.3:a:etherpad:etherpad:1.2.10
-
cpe:2.3:a:etherpad:etherpad:1.2.11
-
cpe:2.3:a:etherpad:etherpad:1.2.12
-
cpe:2.3:a:etherpad:etherpad:1.2.2
-
cpe:2.3:a:etherpad:etherpad:1.2.3
-
cpe:2.3:a:etherpad:etherpad:1.2.4
-
cpe:2.3:a:etherpad:etherpad:1.2.5
-
cpe:2.3:a:etherpad:etherpad:1.2.6
-
cpe:2.3:a:etherpad:etherpad:1.2.7
-
cpe:2.3:a:etherpad:etherpad:1.2.8
-
cpe:2.3:a:etherpad:etherpad:1.2.81
-
cpe:2.3:a:etherpad:etherpad:1.2.9
-
cpe:2.3:a:etherpad:etherpad:1.2.91
-
cpe:2.3:a:etherpad:etherpad:1.3.0
-
cpe:2.3:a:etherpad:etherpad:1.4.0
-
cpe:2.3:a:etherpad:etherpad:1.4.1
-
cpe:2.3:a:etherpad:etherpad:1.5.0
-
cpe:2.3:a:etherpad:etherpad:1.5.1
-
cpe:2.3:a:etherpad:etherpad:1.5.2