{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-08-16T00:00:00", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in RockMongo 1.1.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the ROCK_LANG cookie, as demonstrated in a login.index action to index.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-12-14T16:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2013-026.txt"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-5107", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in RockMongo 1.1.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the ROCK_LANG cookie, as demonstrated in a login.index action to index.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.trustwave.com/spiderlabs/advisories/TWSL2013-026.txt", "refsource": "MISC", "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2013-026.txt"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:59:41.285Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2013-026.txt"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-5107", "datePublished": "2013-12-14T17:00:00", "dateReserved": "2013-08-12T00:00:00", "dateUpdated": "2024-08-06T16:59:41.285Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rockmongo:rockmongo:*:*:*:*:*:*:*:*", "matchCriteriaId": "F07E63CA-DC1E-4C04-8894-38285D9FA3C6", "versionEndIncluding": "1.1.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockmongo:rockmongo:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "60343CDA-3F7C-45F7-87BE-598596D687F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockmongo:rockmongo:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "098AE33E-6063-408F-B5E1-13A50596B941", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockmongo:rockmongo:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B50E327E-8247-4148-83EB-D7ABA22F8988", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockmongo:rockmongo:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "D574D727-4C70-49A9-BBF3-A401B8FD11D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockmongo:rockmongo:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "B517EAA8-5AA6-4CBE-AEA8-8E166A3B8399", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockmongo:rockmongo:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "2BBC287E-D5EF-4262-A51C-5AD3D7449EB6", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockmongo:rockmongo:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "4B7C3ABC-7BAD-464C-AD4F-B561882ABC4B", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockmongo:rockmongo:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "D54D8D4D-E3BC-4361-A562-C5E10686F1FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockmongo:rockmongo:1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "97CAD3ED-BC22-4BF4-A8E2-E28E9A9D0C51", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockmongo:rockmongo:1.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "70AA3C05-4D64-4024-BD13-078750EA7465", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockmongo:rockmongo:1.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "9384F995-44B7-4DF5-BA94-CA868AE8E82F", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockmongo:rockmongo:1.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "A655F81A-ED7E-4B8A-8818-D5E20182CAB7", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockmongo:rockmongo:1.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "AC82766A-FC33-4147-8F2D-B4882F79F02D", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockmongo:rockmongo:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "D2506C1E-853E-4C65-9066-94208D1C0E3A", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockmongo:rockmongo:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "115A04F6-57DC-4C94-9935-518700AA5143", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockmongo:rockmongo:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2E74AE8-CEEB-46E3-935D-CDEED7844249", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockmongo:rockmongo:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "DB3867A1-256A-4EFE-9864-A41B4CEF3F03", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in RockMongo 1.1.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the ROCK_LANG cookie, as demonstrated in a login.index action to index.php."}, {"lang": "es", "value": "Vulnerabilidad de recorrido de directorios en RockMongo 1.1.5 y anteriores permite a atacantes remotos leer archivos de forma arbitraria a trav\u00e9s de .. (punto punto) en la cookie ROCK_LANG, como fue demostrado en la acci\u00f3n login.index de index.php."}], "id": "CVE-2013-5107", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-12-14T17:21:45.740", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2013-026.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2013-026.txt"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "RockMongo: directory traversal vulnerability", "id": "1043654", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1043654"}, "csaw": false, "cvss": {"cvss_base_score": "2.1", "cvss_scoring_vector": "AV:N/AC:H/Au:S/C:P/I:N/A:N", "status": "draft"}, "cwe": "CWE-22", "details": ["Directory traversal vulnerability in RockMongo 1.1.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the ROCK_LANG cookie, as demonstrated in a login.index action to index.php."], "name": "CVE-2013-5107", "public_date": "2013-08-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-5107"], "statement": "This issue affects the versions of the mongo cartridge as shipped with Red Hat OpenShift Enterprise Linux 2. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. Additionally OpenShift uses a strong file permission and SELinux permission model minimizing the amount of data that can be viewed.", "threat_severity": "Low"}

{}