{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-05-08T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-09T18:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[oss-security] 20140508 Re: CVE Request - Local File inclusion in Cobbler", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://seclists.org/oss-sec/2014/q2/274"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/cobbler/cobbler/issues/939"}, {"name": "106759", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/106759"}, {"name": "67277", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/67277"}, {"name": "[oss-security] 20140508 CVE Request - Local File inclusion in Cobbler", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://seclists.org/oss-sec/2014/q2/273"}, {"tags": ["x_refsource_MISC"], "url": "https://www.youtube.com/watch?v=vuBaoQUFEYQ&feature=youtu.be"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/126553/Cobbler-Local-File-Inclusion.html"}, {"name": "20140513 FD - Cobbler Arbitrary File Read CVE-2014-3225", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/532094/100/0/threaded"}, {"name": "33252", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "http://www.exploit-db.com/exploits/33252"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-3225", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20140508 Re: CVE Request - Local File inclusion in Cobbler", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2014/q2/274"}, {"name": "https://github.com/cobbler/cobbler/issues/939", "refsource": "MISC", "url": "https://github.com/cobbler/cobbler/issues/939"}, {"name": "106759", "refsource": "OSVDB", "url": "http://www.osvdb.org/106759"}, {"name": "67277", "refsource": "BID", "url": "http://www.securityfocus.com/bid/67277"}, {"name": "[oss-security] 20140508 CVE Request - Local File inclusion in Cobbler", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2014/q2/273"}, {"name": "https://www.youtube.com/watch?v=vuBaoQUFEYQ&feature=youtu.be", "refsource": "MISC", "url": "https://www.youtube.com/watch?v=vuBaoQUFEYQ&feature=youtu.be"}, {"name": "http://packetstormsecurity.com/files/126553/Cobbler-Local-File-Inclusion.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/126553/Cobbler-Local-File-Inclusion.html"}, {"name": "20140513 FD - Cobbler Arbitrary File Read CVE-2014-3225", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/532094/100/0/threaded"}, {"name": "33252", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/33252"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:35:57.073Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20140508 Re: CVE Request - Local File inclusion in Cobbler", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://seclists.org/oss-sec/2014/q2/274"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/cobbler/cobbler/issues/939"}, {"name": "106759", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/106759"}, {"name": "67277", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/67277"}, {"name": "[oss-security] 20140508 CVE Request - Local File inclusion in Cobbler", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://seclists.org/oss-sec/2014/q2/273"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.youtube.com/watch?v=vuBaoQUFEYQ&feature=youtu.be"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/126553/Cobbler-Local-File-Inclusion.html"}, {"name": "20140513 FD - Cobbler Arbitrary File Read CVE-2014-3225", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/532094/100/0/threaded"}, {"name": "33252", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "http://www.exploit-db.com/exploits/33252"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-3225", "datePublished": "2014-05-14T00:00:00.000Z", "dateReserved": "2014-05-06T00:00:00.000Z", "dateUpdated": "2024-08-06T10:35:57.073Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cobblerd:cobbler:2.4.0:-:*:*:*:*:*:*", "matchCriteriaId": "77E45FEE-77FD-4E38-A437-530DB0FB0726", "vulnerable": true}, {"criteria": "cpe:2.3:a:cobblerd:cobbler:2.4.0:1:*:*:*:*:*:*", "matchCriteriaId": "0875D8D3-9421-4E74-AC82-00F444971EFC", "vulnerable": true}, {"criteria": "cpe:2.3:a:cobblerd:cobbler:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "A83D8CA5-9B9D-4BFF-8DBF-4EFD79AA9485", "vulnerable": true}, {"criteria": "cpe:2.3:a:cobblerd:cobbler:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "2B202661-286F-45BD-9402-BF744AD23521", "vulnerable": true}, {"criteria": "cpe:2.3:a:cobblerd:cobbler:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "DCAB8299-192E-45A3-96DA-A2D047A30639", "vulnerable": true}, {"criteria": "cpe:2.3:a:cobblerd:cobbler:2.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "6C55580F-7FA7-445C-AC12-FC145C5EBF1E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cobblerd:cobbler:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "FF231D52-CB23-4312-80E0-B4E3A0AB69DA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile."}, {"lang": "es", "value": "Vulnerabilidad de recorrido de directorio absoluto en la interfaz web en Cobbler 2.4.x hasta 2.6.x permite a usuarios remotos autenticados leer archivos arbitrarios a trav\u00e9s del campo Kickstart en un perfil."}], "id": "CVE-2014-3225", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-05-14T00:55:11.057", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://packetstormsecurity.com/files/126553/Cobbler-Local-File-Inclusion.html"}, {"source": "cve@mitre.org", "url": "http://seclists.org/oss-sec/2014/q2/273"}, {"source": "cve@mitre.org", "url": "http://seclists.org/oss-sec/2014/q2/274"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.exploit-db.com/exploits/33252"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/106759"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/532094/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/67277"}, {"source": "cve@mitre.org", "url": "https://github.com/cobbler/cobbler/issues/939"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://www.youtube.com/watch?v=vuBaoQUFEYQ&feature=youtu.be"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://packetstormsecurity.com/files/126553/Cobbler-Local-File-Inclusion.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/oss-sec/2014/q2/273"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/oss-sec/2014/q2/274"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.exploit-db.com/exploits/33252"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/106759"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/532094/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/67277"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/cobbler/cobbler/issues/939"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://www.youtube.com/watch?v=vuBaoQUFEYQ&feature=youtu.be"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "cobbler: local file inclusion over remote installs", "id": "1095844", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1095844"}, "csaw": false, "cvss": {"cvss_base_score": "2.9", "cvss_scoring_vector": "AV:A/AC:M/Au:N/C:P/I:N/A:N", "status": "draft"}, "details": ["Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile."], "name": "CVE-2014-3225", "package_state": [{"cpe": "cpe:/a:redhat:network_satellite:5.6", "fix_state": "Will not fix", "package_name": "cobbler", "product_name": "Red Hat Satellite 5.6"}], "public_date": "2014-05-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-3225\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3225"], "statement": "Red Hat Network Satellite 5 is now in Extended Life Cycle phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/site/support/policy/updates/satellite.", "threat_severity": "Moderate"}

{}