CVE-2007-2836 - OpenCVE

Directory traversal vulnerability in session.rb in Hiki 0.8.0 through 0.8.6 allows remote attackers to delete arbitrary files via directory traversal sequences in the session ID, which is matched against an insufficiently restrictive regular expression before it is used to construct a filename that is marked for deletion at logout.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hiki	Hiki

Configuration 1 [-]

OR	cpe:2.3:a:hiki:hiki:0.8.0:::::::*
	cpe:2.3:a:hiki:hiki:0.8.1:::::::*
	cpe:2.3:a:hiki:hiki:0.8.2:::::::*
	cpe:2.3:a:hiki:hiki:0.8.3:::::::*
	cpe:2.3:a:hiki:hiki:0.8.4:::::::*
	cpe:2.3:a:hiki:hiki:0.8.5:::::::*
	cpe:2.3:a:hiki:hiki:0.8.6:::::::*

No data.

References

Link	Providers
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=430691
http://hikiwiki.org/en/advisory20070624.html
http://hikiwiki.org/hiki-0_8_6.patch
http://jvn.jp/jp/JVN%2305187780/index.html
http://osvdb.org/37469
http://secunia.com/advisories/25764
http://secunia.com/advisories/25874
http://www.debian.org/security/2007/dsa-1324
http://www.securityfocus.com/bid/24603
http://www.vupen.com/english/advisories/2007/2304
https://exchange.xforce.ibmcloud.com/vulnerabilities/35029

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-07-02T19:00:00

Updated: 2024-08-07T13:49:57.813Z

Reserved: 2007-05-24T00:00:00

Link: CVE-2007-2836

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-07-02T19:30:00.000

Modified: 2017-07-29T01:31:46.173

Link: CVE-2007-2836

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-06-24T00:00:00", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in session.rb in Hiki 0.8.0 through 0.8.6 allows remote attackers to delete arbitrary files via directory traversal sequences in the session ID, which is matched against an insufficiently restrictive regular expression before it is used to construct a filename that is marked for deletion at logout."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "DSA-1324", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2007/dsa-1324"}, {"name": "24603", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/24603"}, {"name": "37469", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/37469"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://hikiwiki.org/en/advisory20070624.html"}, {"name": "ADV-2007-2304", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/2304"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://hikiwiki.org/hiki-0_8_6.patch"}, {"tags": ["x_refsource_MISC"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=430691"}, {"name": "25874", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25874"}, {"name": "25764", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25764"}, {"name": "hiki-sessionid-security-bypass(35029)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35029"}, {"name": "JVN#05187780", "tags": ["third-party-advisory", "x_refsource_JVN"], "url": "http://jvn.jp/jp/JVN%2305187780/index.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2836", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in session.rb in Hiki 0.8.0 through 0.8.6 allows remote attackers to delete arbitrary files via directory traversal sequences in the session ID, which is matched against an insufficiently restrictive regular expression before it is used to construct a filename that is marked for deletion at logout."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "DSA-1324", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2007/dsa-1324"}, {"name": "24603", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24603"}, {"name": "37469", "refsource": "OSVDB", "url": "http://osvdb.org/37469"}, {"name": "http://hikiwiki.org/en/advisory20070624.html", "refsource": "CONFIRM", "url": "http://hikiwiki.org/en/advisory20070624.html"}, {"name": "ADV-2007-2304", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2304"}, {"name": "http://hikiwiki.org/hiki-0_8_6.patch", "refsource": "CONFIRM", "url": "http://hikiwiki.org/hiki-0_8_6.patch"}, {"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=430691", "refsource": "MISC", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=430691"}, {"name": "25874", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25874"}, {"name": "25764", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25764"}, {"name": "hiki-sessionid-security-bypass(35029)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35029"}, {"name": "JVN#05187780", "refsource": "JVN", "url": "http://jvn.jp/jp/JVN%2305187780/index.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T13:49:57.813Z"}, "title": "CVE Program Container", "references": [{"name": "DSA-1324", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2007/dsa-1324"}, {"name": "24603", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/24603"}, {"name": "37469", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/37469"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://hikiwiki.org/en/advisory20070624.html"}, {"name": "ADV-2007-2304", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/2304"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://hikiwiki.org/hiki-0_8_6.patch"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=430691"}, {"name": "25874", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25874"}, {"name": "25764", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25764"}, {"name": "hiki-sessionid-security-bypass(35029)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35029"}, {"name": "JVN#05187780", "tags": ["third-party-advisory", "x_refsource_JVN", "x_transferred"], "url": "http://jvn.jp/jp/JVN%2305187780/index.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2836", "datePublished": "2007-07-02T19:00:00", "dateReserved": "2007-05-24T00:00:00", "dateUpdated": "2024-08-07T13:49:57.813Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hiki:hiki:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "8A025628-6766-4402-A9B5-EE8983BC0283", "vulnerable": true}, {"criteria": "cpe:2.3:a:hiki:hiki:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "BAEBA2F7-AA11-448B-AB89-77A2B51426C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:hiki:hiki:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "3F760D12-A498-4E19-8D54-A7D46709B757", "vulnerable": true}, {"criteria": "cpe:2.3:a:hiki:hiki:0.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "773C25D4-1992-443D-BC7F-DA9100B316BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:hiki:hiki:0.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "1ECEE236-A043-419B-8AE3-8A364594610E", "vulnerable": true}, {"criteria": "cpe:2.3:a:hiki:hiki:0.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "F87C406F-C01A-4A4D-9CCA-CF646BABFE46", "vulnerable": true}, {"criteria": "cpe:2.3:a:hiki:hiki:0.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "B5D70575-4E6B-4E28-BF4F-C545E3FF47CE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in session.rb in Hiki 0.8.0 through 0.8.6 allows remote attackers to delete arbitrary files via directory traversal sequences in the session ID, which is matched against an insufficiently restrictive regular expression before it is used to construct a filename that is marked for deletion at logout."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en session.rb en Hiki 0.8.0 hasta 0.8.6 permite a atacantes remotos borrar ficheros de su elecci\u00f3n mediante secuencias de salto de directorio en el ID de sesi\u00f3n, el cual es comprobado contra una expresi\u00f3n regular que no es suficientemente restrictiva antes de ser usado para construir un nombre de fichero que es marcado para el borrado al finalizar la sesi\u00f3n."}], "evaluatorSolution": "The vendor has addressed this issue through a product update: http://prdownloads.sourceforge.jp/hiki/25954/hiki-0.8.7.tar.gz\r\n\r\n", "id": "CVE-2007-2836", "lastModified": "2017-07-29T01:31:46.173", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-07-02T19:30:00.000", "references": [{"source": "cve@mitre.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=430691"}, {"source": "cve@mitre.org", "url": "http://hikiwiki.org/en/advisory20070624.html"}, {"source": "cve@mitre.org", "url": "http://hikiwiki.org/hiki-0_8_6.patch"}, {"source": "cve@mitre.org", "url": "http://jvn.jp/jp/JVN%2305187780/index.html"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/37469"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/25764"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/25874"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2007/dsa-1324"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/24603"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/2304"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35029"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}