CVE-2008-0656 - Vulnerability Details - OpenCVE

Unrestricted file upload vulnerability in dmclTrace.jsp in EMC Documentum Administrator 5.3.0.313 and Webtop 5.3.0.317 allows remote attackers to overwrite arbitrary files via the filename attribute.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.02084.

Key SSVC decision points have not yet been added.

Vendors	Products
Emc	Documentum Administrator Documentum Webtop

Configuration 1 [-]

OR	cpe:2.3:a:emc:documentum_administrator:4.2.8:::::::*
	cpe:2.3:a:emc:documentum_administrator:5.2.5:::::::*
	cpe:2.3:a:emc:documentum_administrator:5.2.5_sp2:::::::*
	cpe:2.3:a:emc:documentum_administrator:5.3.0.313:::::::*
	cpe:2.3:a:emc:documentum_webtop:5.2.5:::::::*
	cpe:2.3:a:emc:documentum_webtop:5.2.5_sp2:::::::*
	cpe:2.3:a:emc:documentum_webtop:5.3.0.317:::::::*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2008-0666	Unrestricted file upload vulnerability in dmclTrace.jsp in EMC Documentum Administrator 5.3.0.313 and Webtop 5.3.0.317 allows remote attackers to overwrite arbitrary files via the filename attribute.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://secunia.com/advisories/28810
http://securityreason.com/securityalert/3626
http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_Documentum_dmclTrace_Arbitrary_file_overwrite.pdf
http://www.securityfocus.com/archive/1/487603/100/0/threaded
http://www.securityfocus.com/bid/27632
http://www.securitytracker.com/id?1019305
http://www.vupen.com/english/advisories/2008/0439

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-02-07T20:00:00

Updated: 2024-08-07T07:54:22.687Z

Reserved: 2008-02-07T00:00:00

Link: CVE-2008-0656

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2008-02-07T21:00:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-0656

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-02-05T00:00:00", "descriptions": [{"lang": "en", "value": "Unrestricted file upload vulnerability in dmclTrace.jsp in EMC Documentum Administrator 5.3.0.313 and Webtop 5.3.0.317 allows remote attackers to overwrite arbitrary files via the filename attribute."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_Documentum_dmclTrace_Arbitrary_file_overwrite.pdf"}, {"name": "1019305", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1019305"}, {"name": "28810", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28810"}, {"name": "ADV-2008-0439", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/0439"}, {"name": "27632", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/27632"}, {"name": "3626", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/3626"}, {"name": "20080205 CYBSEC Security Advisory: Arbitrary file overwrite in Documentum Administrator / Documentum Webtop", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/487603/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-0656", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unrestricted file upload vulnerability in dmclTrace.jsp in EMC Documentum Administrator 5.3.0.313 and Webtop 5.3.0.317 allows remote attackers to overwrite arbitrary files via the filename attribute."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_Documentum_dmclTrace_Arbitrary_file_overwrite.pdf", "refsource": "MISC", "url": "http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_Documentum_dmclTrace_Arbitrary_file_overwrite.pdf"}, {"name": "1019305", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019305"}, {"name": "28810", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28810"}, {"name": "ADV-2008-0439", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0439"}, {"name": "27632", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27632"}, {"name": "3626", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3626"}, {"name": "20080205 CYBSEC Security Advisory: Arbitrary file overwrite in Documentum Administrator / Documentum Webtop", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/487603/100/0/threaded"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T07:54:22.687Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_Documentum_dmclTrace_Arbitrary_file_overwrite.pdf"}, {"name": "1019305", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1019305"}, {"name": "28810", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28810"}, {"name": "ADV-2008-0439", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/0439"}, {"name": "27632", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/27632"}, {"name": "3626", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/3626"}, {"name": "20080205 CYBSEC Security Advisory: Arbitrary file overwrite in Documentum Administrator / Documentum Webtop", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/487603/100/0/threaded"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-0656", "datePublished": "2008-02-07T20:00:00", "dateReserved": "2008-02-07T00:00:00", "dateUpdated": "2024-08-07T07:54:22.687Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:emc:documentum_administrator:4.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "3B830D50-91F4-40D7-8886-0355A5AD4FCF", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:documentum_administrator:5.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "6B666EFE-3B3D-400E-A792-BB037D120BBB", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:documentum_administrator:5.2.5_sp2:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCBD37-E635-4B26-B18B-2665CC01EFD8", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:documentum_administrator:5.3.0.313:*:*:*:*:*:*:*", "matchCriteriaId": "269728EC-2AC7-4543-9D83-10AE44F85041", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:documentum_webtop:5.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "7FB76F58-E214-4275-91B2-3ABBCA94DCA0", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:documentum_webtop:5.2.5_sp2:*:*:*:*:*:*:*", "matchCriteriaId": "FBF739EC-CBE5-4EA7-A793-12C53F51E53C", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:documentum_webtop:5.3.0.317:*:*:*:*:*:*:*", "matchCriteriaId": "4ACB957D-EDE7-4DAF-A010-7EDE45BD0B24", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unrestricted file upload vulnerability in dmclTrace.jsp in EMC Documentum Administrator 5.3.0.313 and Webtop 5.3.0.317 allows remote attackers to overwrite arbitrary files via the filename attribute."}, {"lang": "es", "value": "Vulnerabilidad de actualizaci\u00f3n de archivos sin restringir en dmclTrace.jsp en Documentum Administrator 5.3.0.313 y Webtop 5.3.0.317 permite a atacantes remotos sobrescribir archivos no especificados a trav\u00e9s del atributo filename."}], "id": "CVE-2008-0656", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-02-07T21:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28810"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3626"}, {"source": "cve@mitre.org", "url": "http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_Documentum_dmclTrace_Arbitrary_file_overwrite.pdf"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/487603/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/27632"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1019305"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0439"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28810"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3626"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_Documentum_dmclTrace_Arbitrary_file_overwrite.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/487603/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/27632"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1019305"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/0439"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}