CVE-2010-3468:sava_cms, mura_cms: Directory traversal vulnerability in fileManager.cf...

VRDA Feed by

Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis

[ about VRDA Feed | JPCERT/CC ]

Vulnerability Analysis Result (Revision No : 1)

[ Download XML ]

CVE-2010-3468

sava_cms, mura_cms: Directory traversal vulnerability in fileManager.cf...

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3468

Original

Directory traversal vulnerability in fileManager.cfc in Mura CMS 5.1 before 5.1.498 and 5.2 before 5.2.2809, and Sava CMS 5 through 5.2, allows remote attackers to read arbitrary files via a .. (dot dot) in the FILEID parameter to the default URI under tasks/render/file/.

Translation (Show)

About This Analysis Information

Analysis Information Provider:

NIST NVD

First Published:

2010-09-29

Source Information Category:

Advisory, Alert

Last Updated:

2010-09-30

Affected Product Tags

cpe:/a:blueriver:mura_cms:5.1

cpe:/a:blueriver:mura_cms:5.2

cpe:/a:blueriver:sava_cms:5.0

cpe:/a:blueriver:sava_cms:5.0.122

cpe:/a:blueriver:sava_cms:5.2

Vulnerability Analysis Results

[Access Vector] ^[?]

Undefined^[?]

Local^[?]

Adjacent Network^[?]

Network^[?]

[Access Complexit] ^[?]

Undefined^[?]

High^[?]

Medium^[?]

Low^[?]

[Authentication] ^[?]

Undefined^[?]

Multiple^[?]

Single^[?]

None^[?]

[Confidentiality Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Integrity Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Availability Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

Alternatives

References

BID 43499

CONFIRM http://www.getmura.com/index.cfm/blog/critical-security-patch/

EXPLOIT-DB 15120

MISC http://www.stratsec.net/Research/Advisories/Blue-River-Mura-CMS-Directory-Traversal-%28SS-2010-0

SECUNIA 41591

Vulnerability Type Path Traversal (CWE-22)