CVE-2010-0620

Directory traversal vulnerability in the SSL Service in EMC HomeBase Server 6.2.x before 6.2.3 and 6.3.x before 6.3.2 allows remote attackers to overwrite arbitrary files with any content, and consequently execute arbitrary code, via a .. (dot dot) in an unspecified parameter.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://securityreason.com/securityalert/8230
http://www.securityfocus.com/archive/1/509723/100/0/threaded
http://www.securityfocus.com/bid/38380	Exploit
http://www.vupen.com/english/advisories/2010/0458	Vendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-10-020/

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:emc:homebase_server:6.2:::::::*
	cpe:2.3:a:emc:homebase_server:6.3:::::::*

History

No history.

Information

Published : 2010-02-25 00:30

Updated : 2024-02-28 11:41

NVD link : CVE-2010-0620

Mitre link : CVE-2010-0620

CVE.ORG link : CVE-2010-0620

JSON object : View

Products Affected

emc

homebase_server

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2010-0620", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-02-25T00:30:00.563", "references": [{"url": "http://securityreason.com/securityalert/8230", "source": "security_alert@emc.com"}, {"url": "http://www.securityfocus.com/archive/1/509723/100/0/threaded", "source": "security_alert@emc.com"}, {"url": "http://www.securityfocus.com/bid/38380", "tags": ["Exploit"], "source": "security_alert@emc.com"}, {"url": "http://www.vupen.com/english/advisories/2010/0458", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-020/", "source": "security_alert@emc.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the SSL Service in EMC HomeBase Server 6.2.x before 6.2.3 and 6.3.x before 6.3.2 allows remote attackers to overwrite arbitrary files with any content, and consequently execute arbitrary code, via a .. (dot dot) in an unspecified parameter."}, {"lang": "es", "value": "Una vulnerabilidad de salto del directorio en Servicio SSL en HomeBase Server de EMC, versiones 6.2.x anteriores a 6.2.3 y versiones 6.3.x anteriores a 6.3.2, permite a los atacantes remotos sobrescribir archivos arbitrarios con cualquier contenido y en consecuencia, ejecutar c\u00f3digo arbitrario por medio de un .. (punto punto) en un par\u00e1metro no especificado."}], "lastModified": "2018-10-10T19:53:09.197", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:emc:homebase_server:6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D36EB7F-CA40-4C44-9E25-1E7AF6BB2FA9"}, {"criteria": "cpe:2.3:a:emc:homebase_server:6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D186C00-9FD7-4635-B312-B6EF32855725"}], "operator": "OR"}]}], "evaluatorComment": "Per: http://seclists.org/bugtraq/2010/Feb/222\r\n\r\nAffected products:\r\n\r\nEMC HomeBase Server version 6.2.x\r\n\r\nEMC HomeBase Server version 6.3.x\r\n", "sourceIdentifier": "security_alert@emc.com"}