CVE-2008-6522

{"id": "CVE-2008-6522", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-03-25T18:30:00.327", "references": [{"url": "http://www.securityfocus.com/archive/1/490341/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/28550", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41572", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/490341/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/28550", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41572", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Multiple directory traversal vulnerabilities in the RenderFile function in ContentRender.class.php in Terracotta (aka OpenTerracotta) 0.6.1, and possibly other versions, allow remote attackers to list arbitrary directories and read arbitrary files via a .. (dot dot) in the (1) CurrentDirectory and (2) File parameters to index.php."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de salto de directorio en la funci\u00f3n RenderFile function in ContentRender.class.php en Terracotta (tambi\u00e9n conocida como OpenTerracotta) v0.6.1, y posiblemente otras versiones, permite a atacantes remotos listar directorios de su elecci\u00f3n y leer archivos a trav\u00e9s de .. (punto punto) en los par\u00e1metros (1) \"CurrentDirectory\" y (2) \"File\" al index.php."}], "lastModified": "2024-11-21T00:56:45.063", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:devraj_mukherjee:openterracotta:0.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "028C0FC4-29C8-46C2-8F27-EA8E08734E20"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}