CVE-2007-6483

Directory traversal vulnerability in SafeNet Sentinel Protection Server 7.0.0 through 7.4.0 and possibly earlier versions, and Sentinel Keys Server 1.0.3 and possibly earlier versions, allows remote attackers to read arbitrary files via a .. (dot dot) in the query string.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://safenet-inc.com/support/files/SPI740SecurityPatch.zip
http://secunia.com/advisories/27811	Vendor Advisory
http://securityreason.com/securityalert/3471
http://www.securityfocus.com/archive/1/484201/100/200/threaded
http://www.securityfocus.com/archive/1/484224/100/200/threaded
http://www.securityfocus.com/bid/26583	Exploit Patch
http://www.securitytracker.com/id?1018992	Exploit
http://www.vupen.com/english/advisories/2007/4011
https://exchange.xforce.ibmcloud.com/vulnerabilities/38636
https://ics-cert.us-cert.gov/advisories/ICSA-15-272-01
http://safenet-inc.com/support/files/SPI740SecurityPatch.zip
http://secunia.com/advisories/27811	Vendor Advisory
http://securityreason.com/securityalert/3471
http://www.securityfocus.com/archive/1/484201/100/200/threaded
http://www.securityfocus.com/archive/1/484224/100/200/threaded
http://www.securityfocus.com/bid/26583	Exploit Patch
http://www.securitytracker.com/id?1018992	Exploit
http://www.vupen.com/english/advisories/2007/4011
https://exchange.xforce.ibmcloud.com/vulnerabilities/38636
https://ics-cert.us-cert.gov/advisories/ICSA-15-272-01

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:safenet:sentinel_keys_server:1.0.3:::::::*
	cpe:2.3:a:safenet:sentinel_protection_server:7.0:::::::*
	cpe:2.3:a:safenet:sentinel_protection_server:7.1:::::::*
	cpe:2.3:a:safenet:sentinel_protection_server:7.2:::::::*
	cpe:2.3:a:safenet:sentinel_protection_server:7.3:::::::*
	cpe:2.3:a:safenet:sentinel_protection_server:7.4:::::::*

History

21 Nov 2024, 00:40

Type	Values Removed	Values Added
References	~~() http://safenet-inc.com/support/files/SPI740SecurityPatch.zip -~~	() http://safenet-inc.com/support/files/SPI740SecurityPatch.zip -
References	~~() http://secunia.com/advisories/27811 - Vendor Advisory~~	() http://secunia.com/advisories/27811 - Vendor Advisory
References	~~() http://securityreason.com/securityalert/3471 -~~	() http://securityreason.com/securityalert/3471 -
References	~~() http://www.securityfocus.com/archive/1/484201/100/200/threaded -~~	() http://www.securityfocus.com/archive/1/484201/100/200/threaded -
References	~~() http://www.securityfocus.com/archive/1/484224/100/200/threaded -~~	() http://www.securityfocus.com/archive/1/484224/100/200/threaded -
References	~~() http://www.securityfocus.com/bid/26583 - Exploit, Patch~~	() http://www.securityfocus.com/bid/26583 - Exploit, Patch
References	~~() http://www.securitytracker.com/id?1018992 - Exploit~~	() http://www.securitytracker.com/id?1018992 - Exploit
References	~~() http://www.vupen.com/english/advisories/2007/4011 -~~	() http://www.vupen.com/english/advisories/2007/4011 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/38636 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/38636 -
References	~~() https://ics-cert.us-cert.gov/advisories/ICSA-15-272-01 -~~	() https://ics-cert.us-cert.gov/advisories/ICSA-15-272-01 -

Information

Published : 2007-12-20 20:46

Updated : 2024-11-21 00:40

NVD link : CVE-2007-6483

Mitre link : CVE-2007-6483

CVE.ORG link : CVE-2007-6483

JSON object : View

Products Affected

safenet

sentinel_protection_server
sentinel_keys_server

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

5.0 /10