CVE-2007-6317 - OpenCVE

Multiple directory traversal vulnerabilities in BarracudaDrive Web Server before 3.8 allow (1) remote attackers to read arbitrary files via certain ..\ (dot dot backslash) sequences in the URL path, or (2) remote authenticated users to delete arbitrary files or create arbitrary directories via a ..\ (dot dot backslash) sequence in the dir parameter to /drive/c/bdusers/USER/.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Real Time Logic	Barracudadrive Web Server Barracudadrive Web Server Home Server

Configuration 1 [-]

OR	cpe:2.3:a:real_time_logic:barracudadrive_web_server:3.7.2:::::::*
	cpe:2.3:a:real_time_logic:barracudadrive_web_server_home_server:3.7.2:::::::*

No data.

References

Link	Providers
http://aluigi.altervista.org/adv/barradrive-adv.txt
http://secunia.com/advisories/28032
http://securityreason.com/securityalert/3434
http://www.securityfocus.com/archive/1/484833/100/0/threaded
http://www.securityfocus.com/bid/26805

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-12-12T00:00:00

Updated: 2024-08-07T16:02:36.565Z

Reserved: 2007-12-11T00:00:00

Link: CVE-2007-6317

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-12-12T00:46:00.000

Modified: 2018-10-15T21:52:01.797

Link: CVE-2007-6317

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-12-10T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple directory traversal vulnerabilities in BarracudaDrive Web Server before 3.8 allow (1) remote attackers to read arbitrary files via certain ..\\ (dot dot backslash) sequences in the URL path, or (2) remote authenticated users to delete arbitrary files or create arbitrary directories via a ..\\ (dot dot backslash) sequence in the dir parameter to /drive/c/bdusers/USER/."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20071210 Multiple vulnerabilities in BarracudaDrive 3.7.2", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/484833/100/0/threaded"}, {"name": "28032", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28032"}, {"tags": ["x_refsource_MISC"], "url": "http://aluigi.altervista.org/adv/barradrive-adv.txt"}, {"name": "3434", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/3434"}, {"name": "26805", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/26805"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-6317", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple directory traversal vulnerabilities in BarracudaDrive Web Server before 3.8 allow (1) remote attackers to read arbitrary files via certain ..\\ (dot dot backslash) sequences in the URL path, or (2) remote authenticated users to delete arbitrary files or create arbitrary directories via a ..\\ (dot dot backslash) sequence in the dir parameter to /drive/c/bdusers/USER/."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20071210 Multiple vulnerabilities in BarracudaDrive 3.7.2", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/484833/100/0/threaded"}, {"name": "28032", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28032"}, {"name": "http://aluigi.altervista.org/adv/barradrive-adv.txt", "refsource": "MISC", "url": "http://aluigi.altervista.org/adv/barradrive-adv.txt"}, {"name": "3434", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3434"}, {"name": "26805", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26805"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T16:02:36.565Z"}, "title": "CVE Program Container", "references": [{"name": "20071210 Multiple vulnerabilities in BarracudaDrive 3.7.2", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/484833/100/0/threaded"}, {"name": "28032", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28032"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://aluigi.altervista.org/adv/barradrive-adv.txt"}, {"name": "3434", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/3434"}, {"name": "26805", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/26805"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-6317", "datePublished": "2007-12-12T00:00:00", "dateReserved": "2007-12-11T00:00:00", "dateUpdated": "2024-08-07T16:02:36.565Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:real_time_logic:barracudadrive_web_server:3.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "0ACB6AB1-EDFA-4E0D-AB72-45ED5AED11C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:real_time_logic:barracudadrive_web_server_home_server:3.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "04DF53DD-E4F1-4DEC-B565-5CDBD29C2F28", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple directory traversal vulnerabilities in BarracudaDrive Web Server before 3.8 allow (1) remote attackers to read arbitrary files via certain ..\\ (dot dot backslash) sequences in the URL path, or (2) remote authenticated users to delete arbitrary files or create arbitrary directories via a ..\\ (dot dot backslash) sequence in the dir parameter to /drive/c/bdusers/USER/."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidad de salto de directorio en el servidor web BarracudaDrive anterior a 3.8 permite a atacantes remotos leer archivos de su elecci\u00f3n a trav\u00e9s de ciertas secuencias ..\\ (punto punto barra invertida) en la ruta URL, o (2) usuarios remotos validados para borrar archivos de su elecci\u00f3n o crear directorios de su elecci\u00f3n a trav\u00e9s de la secuencia ..\\ (punto punto barra invertida) en el par\u00e1metro dir en /drive/c/bdusers/USER/."}], "id": "CVE-2007-6317", "lastModified": "2018-10-15T21:52:01.797", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-12-12T00:46:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://aluigi.altervista.org/adv/barradrive-adv.txt"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28032"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3434"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/484833/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://www.securityfocus.com/bid/26805"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}