CVE-2014-2575

{"id": "CVE-2014-2575", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-06-06T14:55:04.870", "references": [{"url": "http://osvdb.org/show/osvdb/107742", "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.com/files/126953/DevExpress-ASP.NET-File-Manager-13.2.8-Directory-Traversal.html", "source": "cve@mitre.org"}, {"url": "http://seclists.org/fulldisclosure/2014/Jun/24", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://security.devexpress.com/de7c4756/?id=ff8c1703126f4717993ac3608a65a2e2", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.exploit-db.com/exploits/33700", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/532304/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/67902", "source": "cve@mitre.org"}, {"url": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2014-006/-directory-traversal-in-devexpress-asp-net-file-manager", "tags": ["Exploit"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the File Manager component in DevExpress ASPxFileManager Control for ASP.NET WebForms and MVC before 13.1.10 and 13.2.x before 13.2.9 allows remote authenticated users to read or write arbitrary files via a .. (dot dot) in the __EVENTARGUMENT parameter."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en el componente File Manager en DevExpress ASPxFileManager Control para ASP.NET WebForms y MVC anterior a 13.1.10 y 13.2.x anterior a 13.2.9 permite a usuarios remotos autenticados leer o escribir archivos arbitrarios a trav\u00e9s de un .. (punto punto) en el par\u00e1metro __EVENTARGUMENT."}], "lastModified": "2018-10-09T19:43:31.597", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0DE44CD4-8B78-41DB-BD93-320AACCF04EC", "versionEndIncluding": "13.1.9"}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:10.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B481A50-F12D-49C1-993F-BDA9B6469308"}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:10.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D29EAF0-1BF5-4688-8A61-3F1CEB391EA8"}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:10.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C1CE9AE-FA74-496D-9322-B0E43C322313"}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:10.2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "126F2377-DB2A-444D-ADA3-FA3FDBCE2F24"}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:10.2.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1DE2FF8D-3A08-4A63-8C5A-FD008A455950"}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:10.2.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B67F786-CC7F-4D1C-8AB6-B31176196C8D"}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:10.2.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F10E34D-990E-48CE-A29E-C7BC4A5F274D"}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:10.2.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "94B8D8A9-8833-4207-AA13-6BF8212EFAF5"}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:10.2.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8566F558-15DE-47A9-A1A4-32E1B100F404"}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD706CF4-4009-4DED-BE36-2BB2B02B0106"}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3204F394-0D37-42C4-9D1E-808B7ED64CB0"}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83BA500D-9F1E-44F1-8B5E-C7D91745B482"}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E02E5FB-2337-4F73-BFD2-8F04A82B5838"}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.1.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B30C4624-8C2A-46F6-8FD0-06A297FBBBA9"}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.1.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2524E3FA-EA15-40F7-B9CD-A11F20F8D2FC"}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.1.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2408EC5C-38FD-4FAF-9311-ED7DE5068602"}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.1.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A516EC58-205E-493C-95CF-E394AD9C79BE"}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.1.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3315814-ACF4-4A9F-BE8D-CCDF48F4C07B"}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.1.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "312D1205-77DD-4555-821B-AC15AA04D0C2"}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "865CF2CB-0C62-4691-B437-A7F0E845E108"}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11D46952-D9A8-4AB2-BD88-C7AF334345D6"}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.2.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA24423E-7B02-4E7D-ADF3-6F2CA3AD3A97"}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.2.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A145FD1-138D-4AE5-A7F5-1F366C899A36"}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.2.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1FF9ED2F-71CF-43C4-BADA-21127449BF11"}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.2.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B04575E-5EA9-4C11-BF05-CB0325CF5FE8"}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.2.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B33F742-3C02-4C5E-965C-A548AF1CAD23"}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.2.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA960FFA-66FD-4241-B030-68E30E2A1EC6"}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.2.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A866BAEA-10C1-4986-8A53-1601AA35EEC7"}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35F04C61-4120-4491-8A52-3462222E6360"}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6E1AB2F-0983-4A11-AB33-07A96E8981B0"}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "374B69E8-1FAE-42DC-A12B-07108D972596"}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C99452E-F48E-4B5E-83FE-8C43D4A1C57B"}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.1.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F712ED9-0E3E-40B8-84C7-15F6019E7D02"}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.1.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "044389B4-E88E-4660-AE1D-6B5DCE9BA5F5"}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.1.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E6A7903-1569-4E88-ACB2-F6F896D7E331"}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.1.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33A040AF-86AA-4C75-AC19-6C3B9F8033AC"}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.1.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C8FB2D0-9E36-4807-B11B-E7A14845485A"}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.1.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8DB83B47-1EEC-4F17-8856-8CF21C9D9B07"}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6DC32505-5486-4A8F-A1AE-36DAE7BCDF1E"}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6867507-D95E-4061-83ED-3EA51D7DA3FA"}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E24C61E-9BF0-45BE-8C2F-5FF576C2C4DF"}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C007F30-A64F-4542-8C76-E7D343A2C603"}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "94BF704B-E5F1-41E4-AC99-9D79D85AB0ED"}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44AB35BD-B5A7-4A1C-A764-287336B6EEE9"}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6CF07C99-A211-47BC-AB8B-F63107242EF3"}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "29EA3426-2223-47A8-8DF9-3616C35194BA"}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F633C7F5-B02E-468A-913F-059213222FE4"}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FCE47FC1-7C86-47AB-89DA-178EAAF78FA5"}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "894863DD-5F0A-45EC-A4C5-9B17ED0A24F4"}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96808DEB-8CA2-42E8-8B9D-2006BDAEB3FF"}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "60B11BEE-7A58-4C74-8FFD-4E1BBE687B75"}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38AE5721-4F6D-4FC3-BC23-A78572B95692"}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "331DE4BF-A200-45FB-930A-63BD6757F290"}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64DD6C1A-C293-4D41-A33E-C37001E96139"}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.1.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0EFBB270-0F21-43C1-9F6A-898B34A7358F"}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.1.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC6ED3EC-A009-4162-8C81-3DAD2ABF0098"}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD25EFB6-9BB7-42B9-97CE-CB38B000224C"}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "48D104EE-02E5-45C6-9BF9-C378447B5117"}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.2.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E9FC164-8240-49D0-87B4-2BA94FF176BD"}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.2.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53C84B8E-4EB1-460A-A6DA-C49B43481D28"}, {"criteria": "cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.2.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "691BBC94-1724-4C66-85EB-F939B2A8C4E4"}], "operator": "OR"}]}], "evaluatorComment": "Per: http://security.devexpress.com/de7c4756/?id=ff8c1703126f4717993ac3608a65a2e2\n\n\"Affected Products\n\nASPxFileManager Control for WebForms and MVC (v10.2 and higher)\"", "sourceIdentifier": "cve@mitre.org"}