CVE-2010-3306
Severity CVSS v4.0:
Pending analysis
Type:
CWE-22
Path Traversal
Publication date:
24/09/2010
Last modified:
11/04/2025
Description
Directory traversal vulnerability in the modURL function in instance.c in Weborf before 0.12.3 allows remote attackers to read arbitrary files via ..%2f sequences in a URI.
Impact
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:salvo_g._tomaselli:weborf:*:*:*:*:*:*:*:* | 0.12.2 (including) | |
| cpe:2.3:a:salvo_g._tomaselli:weborf:0.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:salvo_g._tomaselli:weborf:0.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:salvo_g._tomaselli:weborf:0.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:salvo_g._tomaselli:weborf:0.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:salvo_g._tomaselli:weborf:0.7:*:*:*:*:*:*:* | ||
| cpe:2.3:a:salvo_g._tomaselli:weborf:0.8:*:*:*:*:*:*:* | ||
| cpe:2.3:a:salvo_g._tomaselli:weborf:0.9:*:*:*:*:*:*:* | ||
| cpe:2.3:a:salvo_g._tomaselli:weborf:0.10:*:*:*:*:*:*:* | ||
| cpe:2.3:a:salvo_g._tomaselli:weborf:0.11:*:*:*:*:*:*:* | ||
| cpe:2.3:a:salvo_g._tomaselli:weborf:0.12:*:*:*:*:*:*:* | ||
| cpe:2.3:a:salvo_g._tomaselli:weborf:0.12.1:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://code.google.com/p/weborf/source/detail?r=464
- http://galileo.dmi.unict.it/wiki/weborf/doku.php?id=news%3Areleased_0.12.3
- http://secunia.com/advisories/41286
- http://www.exploit-db.com/exploits/14925/
- http://www.openwall.com/lists/oss-security/2010/09/17/3
- http://www.openwall.com/lists/oss-security/2010/09/17/8
- http://www.osvdb.org/67840
- http://code.google.com/p/weborf/source/detail?r=464
- http://galileo.dmi.unict.it/wiki/weborf/doku.php?id=news%3Areleased_0.12.3
- http://secunia.com/advisories/41286
- http://www.exploit-db.com/exploits/14925/
- http://www.openwall.com/lists/oss-security/2010/09/17/3
- http://www.openwall.com/lists/oss-security/2010/09/17/8
- http://www.osvdb.org/67840