OpenCVE

Directory traversal vulnerability in UnZip 5.50 allows attackers to overwrite arbitrary files via invalid characters between two . (dot) characters, which are filtered and result in a ".." sequence.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:H/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Info-zip	Unzip
Redhat	Enterprise Linux Linux
Sco	Openlinux Server Openlinux Workstation

Configuration 1 [-]

cpe:2.3:a:info-zip:unzip:5.50:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:sco:openlinux_server:3.1.1:::::::*
	cpe:2.3:o:sco:openlinux_workstation:3.1.1:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux AS (Advanced Server) version 2.1
	cpe:/o:redhat:enterprise_linux:2.1	RHSA-2003:200	2003-07-01T00:00:00Z
Red Hat Enterprise Linux ES version 2.1
	cpe:/o:redhat:enterprise_linux:2.1	RHSA-2003:200	2003-07-01T00:00:00Z
Red Hat Enterprise Linux WS version 2.1
	cpe:/o:redhat:enterprise_linux:2.1	RHSA-2003:200	2003-07-01T00:00:00Z
Red Hat Linux 7.1
	cpe:/o:redhat:linux:7.1	RHSA-2003:199	2003-07-01T00:00:00Z
	cpe:/o:redhat:linux:7.1	RHSA-2003:218	2003-07-01T00:00:00Z
Red Hat Linux 7.2
	cpe:/o:redhat:linux:7.2	RHSA-2003:199	2003-07-01T00:00:00Z
Red Hat Linux 7.3
	cpe:/o:redhat:linux:7.3	RHSA-2003:199	2003-07-01T00:00:00Z
Red Hat Linux 8.0
	cpe:/o:redhat:linux:8.0	RHSA-2003:199	2003-07-01T00:00:00Z
Red Hat Linux 9
	cpe:/o:redhat:linux:9	RHSA-2003:199	2003-07-01T00:00:00Z
Red Hat Linux Advanced Workstation 2.1
	cpe:/o:redhat:enterprise_linux:2.1	RHSA-2003:200	2003-07-01T00:00:00Z

References

Link	Providers
ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-031.0.txt
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000672
http://download.immunix.org/ImmunixOS/7+/Updates/errata/IMNX-2003-7+-017-01
http://marc.info/?l=bugtraq&m=105259038503175&w=2
http://marc.info/?l=bugtraq&m=105786446329347&w=2
http://www.ciac.org/ciac/bulletins/n-111.shtml
http://www.debian.org/security/2003/dsa-344
http://www.info-zip.org/FAQ.html
http://www.mandriva.com/security/advisories?name=MDKSA-2003:073
http://www.redhat.com/support/errata/RHSA-2003-199.html
http://www.redhat.com/support/errata/RHSA-2003-200.html
http://www.securityfocus.com/bid/7550
http://www.turbolinux.com/security/TLSA-2003-42.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/12004
https://nvd.nist.gov/vuln/detail/CVE-2003-0282
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A619
https://www.cve.org/CVERecord?id=CVE-2003-0282

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2003-05-14T04:00:00

Updated: 2024-08-08T01:50:47.582Z

Reserved: 2003-05-12T00:00:00

Link: CVE-2003-0282

Vulnrichment

No data.

NVD

Status : Modified

Published: 2003-06-16T04:00:00.000

Modified: 2017-10-11T01:29:08.590

Link: CVE-2003-0282

Redhat

Severity : Moderate

Publid Date: 2003-05-09T00:00:00Z

Links: CVE-2003-0282 - Bugzilla

Metrics

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object