6.4

CVE-2004-0235

Exploit

EPSS 6.96%
Veröffentlicht 18.08.2004 04:00:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes ("//absolute/path").

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 16

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Clearswift ≫ Mailsweeper Version4.0

Clearswift ≫ Mailsweeper Version4.1

Clearswift ≫ Mailsweeper Version4.2

Clearswift ≫ Mailsweeper Version4.3

Clearswift ≫ Mailsweeper Version4.3.3

Clearswift ≫ Mailsweeper Version4.3.4

Clearswift ≫ Mailsweeper Version4.3.5

Clearswift ≫ Mailsweeper Version4.3.6

Clearswift ≫ Mailsweeper Version4.3.6_sp1

Clearswift ≫ Mailsweeper Version4.3.7

Clearswift ≫ Mailsweeper Version4.3.8

Clearswift ≫ Mailsweeper Version4.3.10

Clearswift ≫ Mailsweeper Version4.3.11

Clearswift ≫ Mailsweeper Version4.3.13

F-secure ≫ F-secure Anti-virus Version4.51 Editionlinux_gateways

F-secure ≫ F-secure Anti-virus Version4.51 Editionlinux_servers

F-secure ≫ F-secure Anti-virus Version4.51 Editionlinux_workstations

F-secure ≫ F-secure Anti-virus Version4.52 Editionlinux_gateways

F-secure ≫ F-secure Anti-virus Version4.52 Editionlinux_servers

F-secure ≫ F-secure Anti-virus Version4.52 Editionlinux_workstations

F-secure ≫ F-secure Anti-virus Version4.60 Editionsamba_servers

F-secure ≫ F-secure Anti-virus Version5.5 Editionclient_security

F-secure ≫ F-secure Anti-virus Version5.41 Editionmimesweeper

F-secure ≫ F-secure Anti-virus Version5.41 Editionwindows_servers

F-secure ≫ F-secure Anti-virus Version5.41 Editionworkstations

F-secure ≫ F-secure Anti-virus Version5.42 Editionmimesweeper

F-secure ≫ F-secure Anti-virus Version5.42 Editionwindows_servers

F-secure ≫ F-secure Anti-virus Version5.42 Editionworkstations

F-secure ≫ F-secure Anti-virus Version5.52 Editionclient_security

F-secure ≫ F-secure Anti-virus Version6.21 Editionms_exchange

F-secure ≫ F-secure Anti-virus Version2003

F-secure ≫ F-secure Anti-virus Version2004

F-secure ≫ F-secure For Firewalls Version6.20

F-secure ≫ F-secure Internet Security Version2003

F-secure ≫ F-secure Internet Security Version2004

F-secure ≫ F-secure Personal Express Version4.5

F-secure ≫ F-secure Personal Express Version4.6

F-secure ≫ F-secure Personal Express Version4.7

F-secure ≫ Internet Gatekeeper Version6.31

F-secure ≫ Internet Gatekeeper Version6.32

RARLAB ≫ WinRAR Version3.20

Redhat ≫ Lha Version1.14i-9 Editioni386

Sgi ≫ Propack Version2.4

Sgi ≫ Propack Version3.0

Stalker ≫ Cgpmcafee Version3.2

Tsugio Okamoto ≫ Lha Version1.14

Tsugio Okamoto ≫ Lha Version1.15

Tsugio Okamoto ≫ Lha Version1.17

Winzip ≫ Winzip Version9.0

Redhat ≫ Fedora Core Versioncore_1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	6.96%	0.906

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.4	10	4.9	AV:N/AC:L/Au:N/C:P/I:P/A:N

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000840

http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020776.html

http://marc.info/?l=bugtraq&m=108422737918885&w=2

http://security.gentoo.org/glsa/glsa-200405-02.xml

http://www.debian.org/security/2004/dsa-515

http://www.redhat.com/archives/fedora-announce-list/2004-May/msg00005.html

http://www.redhat.com/support/errata/RHSA-2004-178.html

http://www.redhat.com/support/errata/RHSA-2004-179.html

http://www.securityfocus.com/bid/10243

Patch

Vendor Advisory

Exploit

https://bugzilla.fedora.us/show_bug.cgi?id=1833

https://exchange.xforce.ibmcloud.com/vulnerabilities/16013

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10409

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A978

https://nvd.nist.gov/vuln/detail/CVE-2004-0235

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2004-0235

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2004-0235

EUVD