CVE-2007-2836

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2007-2836
Directory traversal vulnerability in session.rb in Hiki 0.8.0 through 0.8.6 allows remote attackers to delete arbitrary files via directory traversal sequences in the session ID, which is matched against an insufficiently restrictive regular expression before it is used to construct a filename that is marked for deletion at logout.

6.4 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:P

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=430691
http://hikiwiki.org/en/advisory20070624.html
http://hikiwiki.org/hiki-0_8_6.patch
http://jvn.jp/jp/JVN%2305187780/index.html
http://osvdb.org/37469
http://secunia.com/advisories/25764 Patch Vendor Advisory
http://secunia.com/advisories/25874 Patch Vendor Advisory
http://www.debian.org/security/2007/dsa-1324
http://www.securityfocus.com/bid/24603
http://www.vupen.com/english/advisories/2007/2304
https://exchange.xforce.ibmcloud.com/vulnerabilities/35029
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:hiki:hiki:0.8.0:*:*:*:*:*:*:*
cpe:2.3:a:hiki:hiki:0.8.1:*:*:*:*:*:*:*
cpe:2.3:a:hiki:hiki:0.8.2:*:*:*:*:*:*:*
cpe:2.3:a:hiki:hiki:0.8.3:*:*:*:*:*:*:*
cpe:2.3:a:hiki:hiki:0.8.4:*:*:*:*:*:*:*
cpe:2.3:a:hiki:hiki:0.8.5:*:*:*:*:*:*:*
cpe:2.3:a:hiki:hiki:0.8.6:*:*:*:*:*:*:*
History

No history.

Information

Published : 2007-07-02 19:30

Updated : 2024-02-04 17:13

NVD link : CVE-2007-2836

Mitre link : CVE-2007-2836

CVE.ORG link : CVE-2007-2836

JSON object : View

Products Affected

hiki

  • hiki
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')