OpenCVE

Absolute path traversal vulnerability in cvs.php in OCS Inventory NG before 1.02.1 on Unix allows remote attackers to read arbitrary files via a full pathname in the log parameter.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ocsinventory-ng	Ocs Inventory Ng
Unix	Unix

Configuration 1 [-]

AND

OR	cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng::::::::
	cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:::::::*
	cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:beta::::::
	cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:rc1::::::
	cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:rc2::::::
	cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:rc3::::::
	cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:rc3-1::::::
	cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.01:::::::*
	cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.02:rc1::::::
	cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.02:rc2::::::
	cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.02:rc3::::::

cpe:2.3:o:unix:unix:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.leidecker.info/advisories/2009-05-30-ocs_inventory_ng_directory_traversal.shtml
http://www.securityfocus.com/archive/1/504047/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/50946
https://www.exploit-db.com/exploits/8868

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-06-22T20:00:00

Updated: 2024-08-07T05:44:55.157Z

Reserved: 2009-06-22T00:00:00

Link: CVE-2009-2166

Vulnrichment

No data.

NVD

Status : Modified

Published: 2009-06-22T20:30:00.297

Modified: 2024-11-21T01:04:16.853

Link: CVE-2009-2166

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-05-30T00:00:00", "descriptions": [{"lang": "en", "value": "Absolute path traversal vulnerability in cvs.php in OCS Inventory NG before 1.02.1 on Unix allows remote attackers to read arbitrary files via a full pathname in the log parameter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "8868", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/8868"}, {"name": "20090602 OCS Inventory NG 1.02 - Directory Traversal", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/504047/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://www.leidecker.info/advisories/2009-05-30-ocs_inventory_ng_directory_traversal.shtml"}, {"name": "ocsinventory-cvs-info-disclosure(50946)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50946"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2166", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Absolute path traversal vulnerability in cvs.php in OCS Inventory NG before 1.02.1 on Unix allows remote attackers to read arbitrary files via a full pathname in the log parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "8868", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/8868"}, {"name": "20090602 OCS Inventory NG 1.02 - Directory Traversal", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/504047/100/0/threaded"}, {"name": "http://www.leidecker.info/advisories/2009-05-30-ocs_inventory_ng_directory_traversal.shtml", "refsource": "MISC", "url": "http://www.leidecker.info/advisories/2009-05-30-ocs_inventory_ng_directory_traversal.shtml"}, {"name": "ocsinventory-cvs-info-disclosure(50946)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50946"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T05:44:55.157Z"}, "title": "CVE Program Container", "references": [{"name": "8868", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/8868"}, {"name": "20090602 OCS Inventory NG 1.02 - Directory Traversal", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/504047/100/0/threaded"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.leidecker.info/advisories/2009-05-30-ocs_inventory_ng_directory_traversal.shtml"}, {"name": "ocsinventory-cvs-info-disclosure(50946)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50946"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-2166", "datePublished": "2009-06-22T20:00:00", "dateReserved": "2009-06-22T00:00:00", "dateUpdated": "2024-08-07T05:44:55.157Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:*:*:*:*:*:*:*:*", "matchCriteriaId": "8C51BBFA-8405-4499-A743-8458318281F2", "versionEndIncluding": "1.02", "vulnerable": true}, {"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "C9C9D8DD-6505-4903-9181-26223DA65DD2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:beta:*:*:*:*:*:*", "matchCriteriaId": "CCBDA19C-8B65-4D0D-80B6-3C1E76C5BE5B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "3E915093-BDDA-4A75-A0D0-819246D94249", "vulnerable": true}, {"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "5CDE845A-A67A-4DCC-BC61-FC64C6943C3E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "B363C2E6-FAB1-4CED-9C0D-3797AEC814E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:rc3-1:*:*:*:*:*:*", "matchCriteriaId": "F8B28BF3-C16C-458A-BC9B-23631D2B7623", "vulnerable": true}, {"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.01:*:*:*:*:*:*:*", "matchCriteriaId": "1D9ACDD1-0586-47F1-9421-F4D176BF438E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.02:rc1:*:*:*:*:*:*", "matchCriteriaId": "73D26134-3129-432B-AA9E-5062E2792F10", "vulnerable": true}, {"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.02:rc2:*:*:*:*:*:*", "matchCriteriaId": "A113F25A-CC82-428A-AA56-16BBA3D3C736", "vulnerable": true}, {"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.02:rc3:*:*:*:*:*:*", "matchCriteriaId": "C0FCAE6C-0F9F-4B8A-97B4-2EF4ED76C5FF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:unix:unix:*:*:*:*:*:*:*:*", "matchCriteriaId": "F7A7C398-5356-45D6-AA5C-53E63BC88DCA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Absolute path traversal vulnerability in cvs.php in OCS Inventory NG before 1.02.1 on Unix allows remote attackers to read arbitrary files via a full pathname in the log parameter."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio absoluto en cvs.php en OCS Inventory NG versiones anteriores a v1.02.1 para Unix permite a atacantes remotos leer ficheros de su elecci\u00f3n indicando la ruta de directorio completa en el par\u00e1metro \"log\"."}], "id": "CVE-2009-2166", "lastModified": "2024-11-21T01:04:16.853", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-06-22T20:30:00.297", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.leidecker.info/advisories/2009-05-30-ocs_inventory_ng_directory_traversal.shtml"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/504047/100/0/threaded"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50946"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/8868"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.leidecker.info/advisories/2009-05-30-ocs_inventory_ng_directory_traversal.shtml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/504047/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50946"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/8868"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}