CVE-2013-4885

The http-domino-enum-passwords.nse script in NMap before 6.40, when domino-enum-passwords.idpath is set, allows remote servers to upload "arbitrarily named" files via a crafted FullName parameter in a response, as demonstrated using directory traversal sequences.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://lists.opensuse.org/opensuse-updates/2013-10/msg00030.html	Vendor Advisory
http://lists.opensuse.org/opensuse-updates/2013-10/msg00035.html
http://nmap.org/changelog.html
http://packetstormsecurity.com/files/122719/TWSL2013-025.txt	Exploit
https://github.com/drk1wi/portspoof/commit/1791fe4e2b9e5b5c8e000551ab60a64a29d924c3	Exploit Patch
https://www.trustwave.com/spiderlabs/advisories/TWSL2013-025.txt	Exploit
http://lists.opensuse.org/opensuse-updates/2013-10/msg00030.html	Vendor Advisory
http://lists.opensuse.org/opensuse-updates/2013-10/msg00035.html
http://nmap.org/changelog.html
http://packetstormsecurity.com/files/122719/TWSL2013-025.txt	Exploit
https://github.com/drk1wi/portspoof/commit/1791fe4e2b9e5b5c8e000551ab60a64a29d924c3	Exploit Patch
https://www.trustwave.com/spiderlabs/advisories/TWSL2013-025.txt	Exploit

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:nmap:nmap::::::::
	cpe:2.3:a:nmap:nmap:2.1:beta1::::::
	cpe:2.3:a:nmap:nmap:2.2:beta2::::::
	cpe:2.3:a:nmap:nmap:2.2:beta3::::::
	cpe:2.3:a:nmap:nmap:2.2:beta4::::::
	cpe:2.3:a:nmap:nmap:2.3:beta10::::::
	cpe:2.3:a:nmap:nmap:2.3:beta12::::::
	cpe:2.3:a:nmap:nmap:2.3:beta13::::::
	cpe:2.3:a:nmap:nmap:2.3:beta14::::::
	cpe:2.3:a:nmap:nmap:2.3:beta17::::::
	cpe:2.3:a:nmap:nmap:2.3:beta18::::::
	cpe:2.3:a:nmap:nmap:2.3:beta19::::::
	cpe:2.3:a:nmap:nmap:2.3:beta20::::::
	cpe:2.3:a:nmap:nmap:2.3:beta21::::::
	cpe:2.3:a:nmap:nmap:2.3:beta4::::::
	cpe:2.3:a:nmap:nmap:2.3:beta5::::::
	cpe:2.3:a:nmap:nmap:2.3:beta6::::::
	cpe:2.3:a:nmap:nmap:2.3:beta8::::::
	cpe:2.3:a:nmap:nmap:2.3:beta9::::::
	cpe:2.3:a:nmap:nmap:2.05:::::::*
	cpe:2.3:a:nmap:nmap:2.06:::::::*
	cpe:2.3:a:nmap:nmap:2.07:::::::*
	cpe:2.3:a:nmap:nmap:2.08:::::::*
	cpe:2.3:a:nmap:nmap:2.09:::::::*
	cpe:2.3:a:nmap:nmap:2.10:::::::*
	cpe:2.3:a:nmap:nmap:2.11:::::::*
	cpe:2.3:a:nmap:nmap:2.12:::::::*
	cpe:2.3:a:nmap:nmap:2.50:::::::*
	cpe:2.3:a:nmap:nmap:2.51:::::::*
	cpe:2.3:a:nmap:nmap:2.52:::::::*
	cpe:2.3:a:nmap:nmap:2.53:::::::*
	cpe:2.3:a:nmap:nmap:2.54:beta1::::::
	cpe:2.3:a:nmap:nmap:2.54:beta16::::::
	cpe:2.3:a:nmap:nmap:2.54:beta19::::::
	cpe:2.3:a:nmap:nmap:2.54:beta2::::::
	cpe:2.3:a:nmap:nmap:2.54:beta20::::::
	cpe:2.3:a:nmap:nmap:2.54:beta21::::::
	cpe:2.3:a:nmap:nmap:2.54:beta22::::::
	cpe:2.3:a:nmap:nmap:2.54:beta24::::::
	cpe:2.3:a:nmap:nmap:2.54:beta25::::::
	cpe:2.3:a:nmap:nmap:2.54:beta26::::::
	cpe:2.3:a:nmap:nmap:2.54:beta27::::::
	cpe:2.3:a:nmap:nmap:2.54:beta28::::::
	cpe:2.3:a:nmap:nmap:2.54:beta29::::::
	cpe:2.3:a:nmap:nmap:2.54:beta3::::::
	cpe:2.3:a:nmap:nmap:2.54:beta30::::::
	cpe:2.3:a:nmap:nmap:2.54:beta31::::::
	cpe:2.3:a:nmap:nmap:2.54:beta32::::::
	cpe:2.3:a:nmap:nmap:2.54:beta33::::::
	cpe:2.3:a:nmap:nmap:2.54:beta34::::::
	cpe:2.3:a:nmap:nmap:2.54:beta35::::::
	cpe:2.3:a:nmap:nmap:2.54:beta36::::::
	cpe:2.3:a:nmap:nmap:2.54:beta37::::::
	cpe:2.3:a:nmap:nmap:2.54:beta4::::::
	cpe:2.3:a:nmap:nmap:2.54:beta5::::::
	cpe:2.3:a:nmap:nmap:2.54:beta6::::::
	cpe:2.3:a:nmap:nmap:2.54:beta7::::::
	cpe:2.3:a:nmap:nmap:2.99:rc1::::::
	cpe:2.3:a:nmap:nmap:2.99:rc2::::::
	cpe:2.3:a:nmap:nmap:3.00:::::::*
	cpe:2.3:a:nmap:nmap:3.10:alpha1::::::
	cpe:2.3:a:nmap:nmap:3.10:alpha2::::::
	cpe:2.3:a:nmap:nmap:3.10:alpha3::::::
	cpe:2.3:a:nmap:nmap:3.10:alpha4::::::
cpe:2.3:a:nmap:nmap:3.10:alpha5::::::
cpe:2.3:a:nmap:nmap:3.10:alpha7::::::
cpe:2.3:a:nmap:nmap:3.10:alpha9::::::
cpe:2.3:a:nmap:nmap:3.15:beta1::::::
cpe:2.3:a:nmap:nmap:3.15:beta2::::::
cpe:2.3:a:nmap:nmap:3.15:beta3::::::
cpe:2.3:a:nmap:nmap:3.20:::::::*
cpe:2.3:a:nmap:nmap:3.25:::::::*
cpe:2.3:a:nmap:nmap:3.26:::::::*
cpe:2.3:a:nmap:nmap:3.27:::::::*
cpe:2.3:a:nmap:nmap:3.28:::::::*
cpe:2.3:a:nmap:nmap:3.30:::::::*
cpe:2.3:a:nmap:nmap:3.40:pvt1::::::
cpe:2.3:a:nmap:nmap:3.40:pvt10::::::
cpe:2.3:a:nmap:nmap:3.40:pvt11::::::
cpe:2.3:a:nmap:nmap:3.40:pvt12::::::
cpe:2.3:a:nmap:nmap:3.40:pvt13::::::
cpe:2.3:a:nmap:nmap:3.40:pvt14::::::
cpe:2.3:a:nmap:nmap:3.40:pvt15::::::
cpe:2.3:a:nmap:nmap:3.40:pvt16::::::
cpe:2.3:a:nmap:nmap:3.40:pvt17::::::
cpe:2.3:a:nmap:nmap:3.40:pvt2::::::
cpe:2.3:a:nmap:nmap:3.40:pvt3::::::
cpe:2.3:a:nmap:nmap:3.40:pvt4::::::
cpe:2.3:a:nmap:nmap:3.40:pvt6::::::
cpe:2.3:a:nmap:nmap:3.40:pvt7::::::
cpe:2.3:a:nmap:nmap:3.40:pvt8::::::
cpe:2.3:a:nmap:nmap:3.40:pvt9::::::
cpe:2.3:a:nmap:nmap:3.45:::::::*
cpe:2.3:a:nmap:nmap:3.48:::::::*
cpe:2.3:a:nmap:nmap:3.50:::::::*
cpe:2.3:a:nmap:nmap:3.55:::::::*
cpe:2.3:a:nmap:nmap:3.70:::::::*
cpe:2.3:a:nmap:nmap:3.75:::::::*
cpe:2.3:a:nmap:nmap:3.81:::::::*
cpe:2.3:a:nmap:nmap:3.90:::::::*
cpe:2.3:a:nmap:nmap:3.91:::::::*
cpe:2.3:a:nmap:nmap:3.93:::::::*
cpe:2.3:a:nmap:nmap:3.94:alpha1::::::
cpe:2.3:a:nmap:nmap:3.94:alpha2::::::
cpe:2.3:a:nmap:nmap:3.94:alpha3::::::
cpe:2.3:a:nmap:nmap:3.95:::::::*
cpe:2.3:a:nmap:nmap:3.96:beta1::::::
cpe:2.3:a:nmap:nmap:3.98:beta1::::::
cpe:2.3:a:nmap:nmap:3.99:::::::*
cpe:2.3:a:nmap:nmap:3.999:::::::*
cpe:2.3:a:nmap:nmap:3.9999:::::::*
cpe:2.3:a:nmap:nmap:4.00:::::::*
cpe:2.3:a:nmap:nmap:4.01:::::::*
cpe:2.3:a:nmap:nmap:4.02:alpha1::::::
cpe:2.3:a:nmap:nmap:4.02:alpha2::::::
cpe:2.3:a:nmap:nmap:4.03:::::::*
cpe:2.3:a:nmap:nmap:4.04:beta1::::::
cpe:2.3:a:nmap:nmap:4.10:::::::*
cpe:2.3:a:nmap:nmap:4.11:::::::*
cpe:2.3:a:nmap:nmap:4.20:::::::*
cpe:2.3:a:nmap:nmap:4.20:alpha1::::::
cpe:2.3:a:nmap:nmap:4.20:alpha10::::::
cpe:2.3:a:nmap:nmap:4.20:alpha11::::::
cpe:2.3:a:nmap:nmap:4.20:alpha2::::::
cpe:2.3:a:nmap:nmap:4.20:alpha3::::::
cpe:2.3:a:nmap:nmap:4.20:alpha4::::::
cpe:2.3:a:nmap:nmap:4.20:alpha5::::::
cpe:2.3:a:nmap:nmap:4.20:alpha6::::::
cpe:2.3:a:nmap:nmap:4.20:alpha7::::::
cpe:2.3:a:nmap:nmap:4.20:alpha8::::::
cpe:2.3:a:nmap:nmap:4.20:alpha9::::::
cpe:2.3:a:nmap:nmap:4.20:rc1::::::
cpe:2.3:a:nmap:nmap:4.20:rc2::::::
cpe:2.3:a:nmap:nmap:4.21:alpha1::::::
cpe:2.3:a:nmap:nmap:4.21:alpha2::::::
cpe:2.3:a:nmap:nmap:4.21:alpha3::::::
cpe:2.3:a:nmap:nmap:4.21:alpha4::::::
cpe:2.3:a:nmap:nmap:4.22:soc1::::::
cpe:2.3:a:nmap:nmap:4.22:soc2::::::
cpe:2.3:a:nmap:nmap:4.22:soc3::::::
cpe:2.3:a:nmap:nmap:4.22:soc5::::::
cpe:2.3:a:nmap:nmap:4.22:soc6::::::
cpe:2.3:a:nmap:nmap:4.22:soc7::::::
cpe:2.3:a:nmap:nmap:4.22:soc8::::::
cpe:2.3:a:nmap:nmap:4.49:rc1::::::
cpe:2.3:a:nmap:nmap:4.49:rc2::::::
cpe:2.3:a:nmap:nmap:4.49:rc3::::::
cpe:2.3:a:nmap:nmap:4.49:rc4::::::
cpe:2.3:a:nmap:nmap:4.49:rc5::::::
cpe:2.3:a:nmap:nmap:4.49:rc6::::::
cpe:2.3:a:nmap:nmap:4.49:rc7::::::
cpe:2.3:a:nmap:nmap:4.50:::::::*
cpe:2.3:a:nmap:nmap:4.51:beta::::::
cpe:2.3:a:nmap:nmap:4.52:::::::*
cpe:2.3:a:nmap:nmap:4.53:::::::*
cpe:2.3:a:nmap:nmap:4.60:::::::*
cpe:2.3:a:nmap:nmap:4.62:::::::*
cpe:2.3:a:nmap:nmap:4.65:::::::*
cpe:2.3:a:nmap:nmap:4.68:::::::*
cpe:2.3:a:nmap:nmap:4.75:::::::*
cpe:2.3:a:nmap:nmap:4.76:::::::*
cpe:2.3:a:nmap:nmap:4.85:beta1::::::
cpe:2.3:a:nmap:nmap:4.85:beta10::::::
cpe:2.3:a:nmap:nmap:4.85:beta2::::::
cpe:2.3:a:nmap:nmap:4.85:beta3::::::
cpe:2.3:a:nmap:nmap:4.85:beta4::::::
cpe:2.3:a:nmap:nmap:4.85:beta5::::::
cpe:2.3:a:nmap:nmap:4.85:beta6::::::
cpe:2.3:a:nmap:nmap:4.85:beta7::::::
cpe:2.3:a:nmap:nmap:4.85:beta8::::::
cpe:2.3:a:nmap:nmap:4.85:beta9::::::
cpe:2.3:a:nmap:nmap:4.90:rc1::::::
cpe:2.3:a:nmap:nmap:5.00:::::::*
cpe:2.3:a:nmap:nmap:5.10:beta1::::::
cpe:2.3:a:nmap:nmap:5.10:beta2::::::
cpe:2.3:a:nmap:nmap:5.20:::::::*
cpe:2.3:a:nmap:nmap:5.21:::::::*
cpe:2.3:a:nmap:nmap:5.30:beta1::::::
cpe:2.3:a:nmap:nmap:5.35:dc1::::::
cpe:2.3:a:nmap:nmap:5.50:::::::*
cpe:2.3:a:nmap:nmap:5.51:::::::*
cpe:2.3:a:nmap:nmap:5.59:beta1::::::
cpe:2.3:a:nmap:nmap:5.61:test1::::::
cpe:2.3:a:nmap:nmap:5.61:test2::::::
cpe:2.3:a:nmap:nmap:5.61:test4::::::
cpe:2.3:a:nmap:nmap:5.61:test5::::::
cpe:2.3:a:nmap:nmap:6.00:::::::*
cpe:2.3:a:nmap:nmap:6.01:::::::*
cpe:2.3:a:nmap:nmap:6.20:beta1::::::

Configuration 2 (hide)

cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*

History

21 Nov 2024, 01:56

Type	Values Removed	Values Added
References	~~() http://lists.opensuse.org/opensuse-updates/2013-10/msg00030.html - Vendor Advisory~~	() http://lists.opensuse.org/opensuse-updates/2013-10/msg00030.html - Vendor Advisory
References	~~() http://lists.opensuse.org/opensuse-updates/2013-10/msg00035.html -~~	() http://lists.opensuse.org/opensuse-updates/2013-10/msg00035.html -
References	~~() http://nmap.org/changelog.html -~~	() http://nmap.org/changelog.html -
References	~~() http://packetstormsecurity.com/files/122719/TWSL2013-025.txt - Exploit~~	() http://packetstormsecurity.com/files/122719/TWSL2013-025.txt - Exploit
References	~~() https://github.com/drk1wi/portspoof/commit/1791fe4e2b9e5b5c8e000551ab60a64a29d924c3 - Exploit, Patch~~	() https://github.com/drk1wi/portspoof/commit/1791fe4e2b9e5b5c8e000551ab60a64a29d924c3 - Exploit, Patch
References	~~() https://www.trustwave.com/spiderlabs/advisories/TWSL2013-025.txt - Exploit~~	() https://www.trustwave.com/spiderlabs/advisories/TWSL2013-025.txt - Exploit

Information

Published : 2013-10-26 17:55

Updated : 2024-11-21 01:56

NVD link : CVE-2013-4885

Mitre link : CVE-2013-4885

CVE.ORG link : CVE-2013-4885

JSON object : View

Products Affected

opensuse

opensuse

nmap

nmap

CWE

NVD-CWE-Other

6.8 /10