CVE-2007-6317

Multiple directory traversal vulnerabilities in BarracudaDrive Web Server before 3.8 allow (1) remote attackers to read arbitrary files via certain ..\ (dot dot backslash) sequences in the URL path, or (2) remote authenticated users to delete arbitrary files or create arbitrary directories via a ..\ (dot dot backslash) sequence in the dir parameter to /drive/c/bdusers/USER/.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:real_time_logic:barracudadrive_web_server:3.7.2:*:*:*:*:*:*:*
cpe:2.3:a:real_time_logic:barracudadrive_web_server_home_server:3.7.2:*:*:*:*:*:*:*

History

21 Nov 2024, 00:39

Type Values Removed Values Added
References () http://aluigi.altervista.org/adv/barradrive-adv.txt - Exploit () http://aluigi.altervista.org/adv/barradrive-adv.txt - Exploit
References () http://secunia.com/advisories/28032 - Vendor Advisory () http://secunia.com/advisories/28032 - Vendor Advisory
References () http://securityreason.com/securityalert/3434 - () http://securityreason.com/securityalert/3434 -
References () http://www.securityfocus.com/archive/1/484833/100/0/threaded - () http://www.securityfocus.com/archive/1/484833/100/0/threaded -
References () http://www.securityfocus.com/bid/26805 - Exploit, Patch () http://www.securityfocus.com/bid/26805 - Exploit, Patch

Information

Published : 2007-12-12 00:46

Updated : 2024-11-21 00:39


NVD link : CVE-2007-6317

Mitre link : CVE-2007-6317

CVE.ORG link : CVE-2007-6317


JSON object : View

Products Affected

real_time_logic

  • barracudadrive_web_server
  • barracudadrive_web_server_home_server
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')