CVE-2008-0396

Directory traversal vulnerability in BitDefender Update Server (http.exe), as used in BitDefender products including Security for Fileservers and Enterprise Manager (BDEM), allows remote attackers to read arbitrary files via .. (dot dot) sequences in an HTTP request.
Configurations

Configuration 1 (hide)

cpe:2.3:a:bitdefender:update_server:*:*:*:*:*:*:*:*

History

21 Nov 2024, 00:41

Type Values Removed Values Added
References () http://oliver.greyhat.de/2008/01/19/bitdefender-unauthorized-remote-file-access-vulnerability/ - () http://oliver.greyhat.de/2008/01/19/bitdefender-unauthorized-remote-file-access-vulnerability/ -
References () http://secunia.com/advisories/28578 - Vendor Advisory () http://secunia.com/advisories/28578 - Vendor Advisory
References () http://securityreason.com/securityalert/3568 - () http://securityreason.com/securityalert/3568 -
References () http://www.oliverkarow.de/research/bitdefender.txt - Exploit () http://www.oliverkarow.de/research/bitdefender.txt - Exploit
References () http://www.securityfocus.com/archive/1/486701/100/0/threaded - () http://www.securityfocus.com/archive/1/486701/100/0/threaded -
References () http://www.securityfocus.com/bid/27358 - Exploit () http://www.securityfocus.com/bid/27358 - Exploit
References () http://www.vupen.com/english/advisories/2008/0213 - () http://www.vupen.com/english/advisories/2008/0213 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/39802 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/39802 -

Information

Published : 2008-01-23 12:00

Updated : 2024-11-21 00:41


NVD link : CVE-2008-0396

Mitre link : CVE-2008-0396

CVE.ORG link : CVE-2008-0396


JSON object : View

Products Affected

bitdefender

  • update_server
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')