CVE-2009-3693

{"id": "CVE-2009-3693", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2009-10-13T10:30:00.717", "references": [{"url": "http://retrogod.altervista.org/9sg_hp_loadrunner.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/36898", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the Persits.XUpload.2 ActiveX control (XUpload.ocx) in HP LoadRunner 9.5 allows remote attackers to create arbitrary files via \\.. (backwards slash dot dot) sequences in the third argument to the MakeHttpRequest method."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en el control Vulnerabilidad de salto de directorio en (XUpload.ocx) en HP LoadRunner v9.5 permite a atacantes remotos crear archivos a su elecci\u00f3n a trav\u00e9s de la secuencia \\.. (barra invertida punto punto) en el tercer argumento en el m\u00e9todo MakeHttpRequest."}], "lastModified": "2009-10-13T10:30:00.717", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:persits:xupload:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F151EAF-714D-4E3E-BBCF-26D416865D4B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hp:loadrunner:9.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11C140E6-D09F-4B81-A1E0-F7661855FC5D"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}