CVE-2010-3306

{"id": "CVE-2010-3306", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-09-24T19:00:06.323", "references": [{"url": "http://code.google.com/p/weborf/source/detail?r=464", "source": "secalert@redhat.com"}, {"url": "http://galileo.dmi.unict.it/wiki/weborf/doku.php?id=news:released_0.12.3", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/41286", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.exploit-db.com/exploits/14925/", "tags": ["Exploit"], "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2010/09/17/3", "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2010/09/17/8", "source": "secalert@redhat.com"}, {"url": "http://www.osvdb.org/67840", "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the modURL function in instance.c in Weborf before 0.12.3 allows remote attackers to read arbitrary files via ..%2f sequences in a URI."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en la funci\u00f3n modURL de instance.c de Weborf en versiones anteriores a la v0.12.3 permite a atacantes remotos leer ficheros de su elecci\u00f3n a trav\u00e9s de secuencias ..%2f en una URI."}], "lastModified": "2010-09-27T04:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:salvo_g._tomaselli:weborf:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CBC7CD4E-E756-47F1-8F33-167C7C2D5E33", "versionEndIncluding": "0.12.2"}, {"criteria": "cpe:2.3:a:salvo_g._tomaselli:weborf:0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6650A16B-CFBF-4C86-B01F-CCDEA7E4F4F4"}, {"criteria": "cpe:2.3:a:salvo_g._tomaselli:weborf:0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B789AE33-D621-4DFB-8C8D-66530B91C953"}, {"criteria": "cpe:2.3:a:salvo_g._tomaselli:weborf:0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "94D66BF6-15A7-4E07-8AD9-F6E6C0B178D9"}, {"criteria": "cpe:2.3:a:salvo_g._tomaselli:weborf:0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "543DFE13-2B57-4BDB-93AF-FABFC3BEBB6E"}, {"criteria": "cpe:2.3:a:salvo_g._tomaselli:weborf:0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "639D8DC1-3244-405F-8FFB-CE39956F6045"}, {"criteria": "cpe:2.3:a:salvo_g._tomaselli:weborf:0.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3936329-9F69-4B0B-B26F-F9648D3C0D66"}, {"criteria": "cpe:2.3:a:salvo_g._tomaselli:weborf:0.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6CEB6737-5814-4C64-A5D7-19ED85658A5B"}, {"criteria": "cpe:2.3:a:salvo_g._tomaselli:weborf:0.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "31BF56FB-C471-4E39-949B-29D811323FE5"}, {"criteria": "cpe:2.3:a:salvo_g._tomaselli:weborf:0.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87C00E1D-EBC7-41BA-95D1-6B3C0DB9EDD0"}, {"criteria": "cpe:2.3:a:salvo_g._tomaselli:weborf:0.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0A3CEAE-1E2D-41E7-8E31-A0CBCE418BC9"}, {"criteria": "cpe:2.3:a:salvo_g._tomaselli:weborf:0.12.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "638B2EDA-2381-473B-A6DF-3E9891BA7FE8"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}