CVE-2007-5005

EPSS 3.66%
Veröffentlicht 01.10.2007 20:17:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Directory traversal vulnerability in rxRPC.dll in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allows remote attackers to upload and overwrite arbitrary files via a ..\ (dot dot backslash) sequence in the destination filename argument to sub-function 8 in the rxrReceiveFileFromServer command.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Broadcom ≫ Brightstor Arcserve Backup Laptops Desktops Version4.0

Broadcom ≫ Brightstor Arcserve Backup Laptops Desktops Version11.0

Broadcom ≫ Brightstor Arcserve Backup Laptops Desktops Version11.1

Broadcom ≫ Brightstor Arcserve Backup Laptops Desktops Version11.1 Updatesp1

Broadcom ≫ Brightstor Arcserve Backup Laptops Desktops Version11.5

Broadcom ≫ Desktop Management Suite Version11.0

Broadcom ≫ Desktop Management Suite Version11.1

Broadcom ≫ Desktop Management Suite Version11.2

Ca ≫ Protection Suites Versionr2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	3.66%	0.874

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

http://research.eeye.com/html/advisories/published/AD20070920.html

http://secunia.com/advisories/25606

Patch

Vendor Advisory

http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp

Patch

http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=156006

Patch

http://www.securityfocus.com/archive/1/480252/100/100/threaded

http://www.securityfocus.com/bid/24348

http://www.securitytracker.com/id?1018728

http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35676

Patch

https://nvd.nist.gov/vuln/detail/CVE-2007-5005

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-5005

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-5005

EUVD