{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-12-10T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Multiple directory traversal vulnerabilities in BarracudaDrive Web Server before 3.8 allow (1) remote attackers to read arbitrary files via certain ..\\ (dot dot backslash) sequences in the URL path, or (2) remote authenticated users to delete arbitrary files or create arbitrary directories via a ..\\ (dot dot backslash) sequence in the dir parameter to /drive/c/bdusers/USER/."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20071210 Multiple vulnerabilities in BarracudaDrive 3.7.2", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/484833/100/0/threaded"}, {"name": "28032", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28032"}, {"tags": ["x_refsource_MISC"], "url": "http://aluigi.altervista.org/adv/barradrive-adv.txt"}, {"name": "3434", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/3434"}, {"name": "26805", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/26805"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-6317", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple directory traversal vulnerabilities in BarracudaDrive Web Server before 3.8 allow (1) remote attackers to read arbitrary files via certain ..\\ (dot dot backslash) sequences in the URL path, or (2) remote authenticated users to delete arbitrary files or create arbitrary directories via a ..\\ (dot dot backslash) sequence in the dir parameter to /drive/c/bdusers/USER/."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20071210 Multiple vulnerabilities in BarracudaDrive 3.7.2", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/484833/100/0/threaded"}, {"name": "28032", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28032"}, {"name": "http://aluigi.altervista.org/adv/barradrive-adv.txt", "refsource": "MISC", "url": "http://aluigi.altervista.org/adv/barradrive-adv.txt"}, {"name": "3434", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3434"}, {"name": "26805", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26805"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T16:02:36.565Z"}, "title": "CVE Program Container", "references": [{"name": "20071210 Multiple vulnerabilities in BarracudaDrive 3.7.2", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/484833/100/0/threaded"}, {"name": "28032", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28032"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://aluigi.altervista.org/adv/barradrive-adv.txt"}, {"name": "3434", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/3434"}, {"name": "26805", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/26805"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-6317", "datePublished": "2007-12-12T00:00:00.000Z", "dateReserved": "2007-12-11T00:00:00.000Z", "dateUpdated": "2024-08-07T16:02:36.565Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:real_time_logic:barracudadrive_web_server:3.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "0ACB6AB1-EDFA-4E0D-AB72-45ED5AED11C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:real_time_logic:barracudadrive_web_server_home_server:3.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "04DF53DD-E4F1-4DEC-B565-5CDBD29C2F28", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple directory traversal vulnerabilities in BarracudaDrive Web Server before 3.8 allow (1) remote attackers to read arbitrary files via certain ..\\ (dot dot backslash) sequences in the URL path, or (2) remote authenticated users to delete arbitrary files or create arbitrary directories via a ..\\ (dot dot backslash) sequence in the dir parameter to /drive/c/bdusers/USER/."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidad de salto de directorio en el servidor web BarracudaDrive anterior a 3.8 permite a atacantes remotos leer archivos de su elecci\u00f3n a trav\u00e9s de ciertas secuencias ..\\ (punto punto barra invertida) en la ruta URL, o (2) usuarios remotos validados para borrar archivos de su elecci\u00f3n o crear directorios de su elecci\u00f3n a trav\u00e9s de la secuencia ..\\ (punto punto barra invertida) en el par\u00e1metro dir en /drive/c/bdusers/USER/."}], "id": "CVE-2007-6317", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-12-12T00:46:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://aluigi.altervista.org/adv/barradrive-adv.txt"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28032"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3434"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/484833/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://www.securityfocus.com/bid/26805"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://aluigi.altervista.org/adv/barradrive-adv.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28032"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3434"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/484833/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "http://www.securityfocus.com/bid/26805"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}