CVE-2005-3347

EPSS 2.64%
Veröffentlicht 18.11.2005 02:02:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle security@debian.org
CVE-Watchlists
Login
Unerledigt
Login

Multiple directory traversal vulnerabilities in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egrouwpware before 1.0.0.009, allow remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) sensor_program parameter or the (2) _SERVER[HTTP_ACCEPT_LANGUAGE] parameter, which overwrites an internal variable, a variant of CVE-2003-0536.  NOTE: due to a typo in an advisory, an issue in osh was inadvertently linked to this identifier; the proper identifier for the osh issue is CVE-2005-3346.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 20

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Phpgroupware ≫ Phpgroupware Version0.9.16

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.64%	0.843

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

http://secunia.com/advisories/17616

http://secunia.com/advisories/17643

http://www.debian.org/security/2005/dsa-897

http://www.debian.org/security/2005/dsa-898

Patch

Vendor Advisory

http://www.debian.org/security/2005/dsa-899

http://www.mandriva.com/security/advisories?name=MDKSA-2005:212

http://www.securityfocus.com/archive/1/416543

http://www.securityfocus.com/bid/15414

http://secunia.com/advisories/17441

http://secunia.com/advisories/17570