6.4

CVE-2004-0235

Exploit

EPSS 6.96%
Published 18.08.2004 04:00:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes ("//absolute/path").

Affected products Warnungen 0 Metrics 2 CWE 0 References 16

Data is provided by the National Vulnerability Database (NVD)

Clearswift ≫ Mailsweeper Version4.0

Clearswift ≫ Mailsweeper Version4.1

Clearswift ≫ Mailsweeper Version4.2

Clearswift ≫ Mailsweeper Version4.3

Clearswift ≫ Mailsweeper Version4.3.3

Clearswift ≫ Mailsweeper Version4.3.4

Clearswift ≫ Mailsweeper Version4.3.5

Clearswift ≫ Mailsweeper Version4.3.6

Clearswift ≫ Mailsweeper Version4.3.6_sp1

Clearswift ≫ Mailsweeper Version4.3.7

Clearswift ≫ Mailsweeper Version4.3.8

Clearswift ≫ Mailsweeper Version4.3.10

Clearswift ≫ Mailsweeper Version4.3.11

Clearswift ≫ Mailsweeper Version4.3.13

F-secure ≫ F-secure Anti-virus Version4.51 Editionlinux_gateways

F-secure ≫ F-secure Anti-virus Version4.51 Editionlinux_servers

F-secure ≫ F-secure Anti-virus Version4.51 Editionlinux_workstations

F-secure ≫ F-secure Anti-virus Version4.52 Editionlinux_gateways

F-secure ≫ F-secure Anti-virus Version4.52 Editionlinux_servers

F-secure ≫ F-secure Anti-virus Version4.52 Editionlinux_workstations

F-secure ≫ F-secure Anti-virus Version4.60 Editionsamba_servers

F-secure ≫ F-secure Anti-virus Version5.5 Editionclient_security

F-secure ≫ F-secure Anti-virus Version5.41 Editionmimesweeper

F-secure ≫ F-secure Anti-virus Version5.41 Editionwindows_servers

F-secure ≫ F-secure Anti-virus Version5.41 Editionworkstations

F-secure ≫ F-secure Anti-virus Version5.42 Editionmimesweeper

F-secure ≫ F-secure Anti-virus Version5.42 Editionwindows_servers

F-secure ≫ F-secure Anti-virus Version5.42 Editionworkstations

F-secure ≫ F-secure Anti-virus Version5.52 Editionclient_security

F-secure ≫ F-secure Anti-virus Version6.21 Editionms_exchange

F-secure ≫ F-secure Anti-virus Version2003

F-secure ≫ F-secure Anti-virus Version2004

F-secure ≫ F-secure For Firewalls Version6.20

F-secure ≫ F-secure Internet Security Version2003

F-secure ≫ F-secure Internet Security Version2004

F-secure ≫ F-secure Personal Express Version4.5

F-secure ≫ F-secure Personal Express Version4.6

F-secure ≫ F-secure Personal Express Version4.7

F-secure ≫ Internet Gatekeeper Version6.31

F-secure ≫ Internet Gatekeeper Version6.32

RARLAB ≫ WinRAR Version3.20

Redhat ≫ Lha Version1.14i-9 Editioni386

Sgi ≫ Propack Version2.4

Sgi ≫ Propack Version3.0

Stalker ≫ Cgpmcafee Version3.2

Tsugio Okamoto ≫ Lha Version1.14

Tsugio Okamoto ≫ Lha Version1.15

Tsugio Okamoto ≫ Lha Version1.17

Winzip ≫ Winzip Version9.0

Redhat ≫ Fedora Core Versioncore_1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	6.96%	0.906

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.4	10	4.9	AV:N/AC:L/Au:N/C:P/I:P/A:N

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000840

http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020776.html

http://marc.info/?l=bugtraq&m=108422737918885&w=2

http://security.gentoo.org/glsa/glsa-200405-02.xml

http://www.debian.org/security/2004/dsa-515

http://www.redhat.com/archives/fedora-announce-list/2004-May/msg00005.html

http://www.redhat.com/support/errata/RHSA-2004-178.html

http://www.redhat.com/support/errata/RHSA-2004-179.html

http://www.securityfocus.com/bid/10243

Patch

Vendor Advisory

Exploit

https://bugzilla.fedora.us/show_bug.cgi?id=1833

https://exchange.xforce.ibmcloud.com/vulnerabilities/16013

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10409

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A978

https://nvd.nist.gov/vuln/detail/CVE-2004-0235

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2004-0235

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2004-0235

EUVD