CVE-2007-2836

{"id": "CVE-2007-2836", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-07-02T19:30:00.000", "references": [{"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=430691", "source": "cve@mitre.org"}, {"url": "http://hikiwiki.org/en/advisory20070624.html", "source": "cve@mitre.org"}, {"url": "http://hikiwiki.org/hiki-0_8_6.patch", "source": "cve@mitre.org"}, {"url": "http://jvn.jp/jp/JVN%2305187780/index.html", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/37469", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/25764", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/25874", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2007/dsa-1324", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/24603", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/2304", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35029", "source": "cve@mitre.org"}, {"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=430691", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://hikiwiki.org/en/advisory20070624.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://hikiwiki.org/hiki-0_8_6.patch", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://jvn.jp/jp/JVN%2305187780/index.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/37469", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/25764", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/25874", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.debian.org/security/2007/dsa-1324", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/24603", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2007/2304", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35029", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in session.rb in Hiki 0.8.0 through 0.8.6 allows remote attackers to delete arbitrary files via directory traversal sequences in the session ID, which is matched against an insufficiently restrictive regular expression before it is used to construct a filename that is marked for deletion at logout."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en session.rb en Hiki 0.8.0 hasta 0.8.6 permite a atacantes remotos borrar ficheros de su elecci\u00f3n mediante secuencias de salto de directorio en el ID de sesi\u00f3n, el cual es comprobado contra una expresi\u00f3n regular que no es suficientemente restrictiva antes de ser usado para construir un nombre de fichero que es marcado para el borrado al finalizar la sesi\u00f3n."}], "lastModified": "2024-11-21T00:31:46.883", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hiki:hiki:0.8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A025628-6766-4402-A9B5-EE8983BC0283"}, {"criteria": "cpe:2.3:a:hiki:hiki:0.8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BAEBA2F7-AA11-448B-AB89-77A2B51426C5"}, {"criteria": "cpe:2.3:a:hiki:hiki:0.8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F760D12-A498-4E19-8D54-A7D46709B757"}, {"criteria": "cpe:2.3:a:hiki:hiki:0.8.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "773C25D4-1992-443D-BC7F-DA9100B316BA"}, {"criteria": "cpe:2.3:a:hiki:hiki:0.8.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1ECEE236-A043-419B-8AE3-8A364594610E"}, {"criteria": "cpe:2.3:a:hiki:hiki:0.8.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F87C406F-C01A-4A4D-9CCA-CF646BABFE46"}, {"criteria": "cpe:2.3:a:hiki:hiki:0.8.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B5D70575-4E6B-4E28-BF4F-C545E3FF47CE"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org", "evaluatorSolution": "The vendor has addressed this issue through a product update: http://prdownloads.sourceforge.jp/hiki/25954/hiki-0.8.7.tar.gz\r\n\r\n"}