| ID |
CVE-2007-0888
|
| Summary |
Directory traversal vulnerability in the TFTP server in Kiwi CatTools before 3.2.0 beta allows remote attackers to read arbitrary files, and upload files to arbitrary locations, via ..// (dot dot) sequences in the pathname argument to an FTP (1) GET or (2) PUT command. This vulnerability is addressed in the following product update:
Kiwi Enterprises, Kiwi CatTools, 3.2.0 Beta |
| References |
|
| Vulnerable Configurations |
|
| CVSS |
| Base: | 10.0 (as of 16-10-2018 - 16:35) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| COMPLETE |
COMPLETE |
COMPLETE |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
| refmap
via4
|
| bid | 22490 | | bugtraq | - 20070208 TFTP directory traversal in Kiwi CatTools
- 20070213 Re: TFTP directory traversal in Kiwi CatTools
| | confirm | http://www.kiwisyslog.com/kb/idx/5/178/article/ | | osvdb | 33162 | | secunia | 24103 | | sreason | 2236 | | vupen | ADV-2007-0536 | | xf | kiwicattools-tftp-directory-traversal(32398) |
|
| Last major update |
16-10-2018 - 16:35 |
| Published |
12-02-2007 - 23:28 |
| Last modified |
16-10-2018 - 16:35 |
