CVE-2000-1017
CVSS 5.0
Published: 2000-12-11 00:00:00
Revised: 2008-09-05 16:22:26

[Original] Webteachers Webdata allows remote attackers with valid Webdata accounts to read arbitrary files by posting a request to import the file into the WebData database.


[CNNVD] WebTeacher WebData file import vulnerability (CNNVD-200012-066)

        A vulnerability exists in Webteachers Webdata. Remote attackers with valid Webdata accounts can read arbitrary files by posting a request to import the file into the Webdata database.

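- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: NONE [no impact on system integrity]
Availability impact: NONE [no impact on system availability]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]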

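- CPE (affected platforms and products)

Product and version information (CPE) is not yet available

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1017
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-1017
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200012-066
(Official data source) CNNVD

- Other links and resources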

http://www.securityfocus.com/bid/1732
(VENDOR_ADVISORY)  BID  1732
http://archives.neohapsis.com/archives/bugtraq/2000-10/0032.html
(VENDOR_ADVISORY)  BUGTRAQ  20001003 Update to DST2K0039: Webteachers Webdata: Importing files lower than web root possible in to database
http://archives.neohapsis.com/archives/bugtraq/2000-10/0007.html
(UNKNOWN)  BUGTRAQ  20001002 DST2K0039: Webteachers Webdata: Importing files lower than web root possible in to database

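- Vulnerability information

WebTeacher WebData file import vulnerability
Medium risk  Access validation error
2000-12-11 00:00:00 2005-10-20 00:00:00
Remote / Local
        A vulnerability exists in Webteachers Webdata. Remote attackers with valid Webdata accounts can read arbitrary files by posting a request to import the file into the Webdata database.

- Advisories and patches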

        WebTeacher has released a new version of WebData that is not susceptible to this vulnerability. It is available for download at the following location:
        http://webteacher.com/webdata/

- Vulnerability information

13749
Webteachers Webdata Import File Arbitrary File Access

- Vulnerability description

Unknown or Incomplete

- Timeline

2000-10-02 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

WebTeacher WebData File Import Vulnerability
Access Validation Error 1732
Yes Yes
2000-10-02 12:00:00 2009-07-11 03:56:00
Posted to Bugtraq on October 2, 2000 by the Delphis Consulting Security Team <SecurityTeam@delphisplc.com>.

- Affected program versions

WebTeacher WebData 2.2
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0
- RedHat Linux 7.0
- RedHat Linux 6.2 sparc
- RedHat Linux 6.2 i386
- RedHat Linux 6.2 alpha

- Discussion

WebTeacher WebData is a database program deployable across the World Wide Web.

Any user who has a valid member account on WebData is capable of importing any accessible file on the system to the WebData directory. This lets the user access any file below the root directory by browsing through the database, even if it has been specified that WebData would only serve up certain files. The import function should normally allow only user-uploaded files into the database; however, it will permit any file to be imported onto the server.

- Exploit

See discussion.

- Solution

WebTeacher has released a new version of WebData that is not susceptible to this vulnerability. It is available for download at the following location:

http://webteacher.com/webdata/

- Related references

 

 
