CVE-2018-1000161
Severity CVSS v4.0:
Pending analysis
Type:
CWE-22
Path Traversal
Publication date:
18/04/2018
Last modified:
24/05/2018
Description
nmap version 6.49BETA6 through 7.60, up to and including SVN revision 37147 contains a Directory Traversal vulnerability in NSE script http-fetch that can result in file overwrite as the user is running it. This attack appears to be exploitable via a victim that runs NSE script http-fetch against a malicious web site. This vulnerability appears to have been fixed in 7.7.
Impact
Base Score 3.x
5.70
Severity 3.x
MEDIUM
Base Score 2.0
3.50
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:nmap:nmap:6.49:beta6:*:*:*:*:*:* | ||
| cpe:2.3:a:nmap:nmap:7.00:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nmap:nmap:7.01:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nmap:nmap:7.10:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nmap:nmap:7.11:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nmap:nmap:7.12:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nmap:nmap:7.25:beta1:*:*:*:*:*:* | ||
| cpe:2.3:a:nmap:nmap:7.25:beta2:*:*:*:*:*:* | ||
| cpe:2.3:a:nmap:nmap:7.30:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nmap:nmap:7.31:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nmap:nmap:7.40:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nmap:nmap:7.50:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nmap:nmap:7.60:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page