CVE-2005-0796
CVSS 5.0
Published: 2005-05-02 00:00:00
Last modified: 2016-10-17 23:14:41

[Original] Directory traversal vulnerability in HolaCMS 1.4.9-1 allows remote attackers to overwrite arbitrary files via a "holaDB/votes" followed by a .. (dot dot) in the vote_filename parameter, which bypasses the check by HolaCMS to ensure that the file is in the holaDB/votes directory.


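[CNNVD] HolaCMS directory traversal vulnerability (CNNVD-200505-174)

        A directory traversal vulnerability in HolaCMS 1.4.9-1 allows remote attackers to overwrite arbitrary files by placing .. (dot dot) after "holaDB/votes" in the vote_filename parameter, which bypasses the check HolaCMS performs to ensure that the file is in the holaDB/votes directory.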

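- CVSS (Base Score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (Affected Platforms and Products)

Product and version information (CPE) is not yet available

- OVAL (Technical Details for Detection)

No related OVAL definitions found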

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0796
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0796
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200505-174
(Official data source) CNNVD

- Other Links and Resources

http://marc.info/?l=bugtraq&m=111090966815089&w=2
(UNKNOWN)  BUGTRAQ  20050315 Virginity Security Advisory 2005-002 : Hola CMS - Another File destruction and System access
http://www.holacms.de/?content=changelog
(UNKNOWN)  CONFIRM  http://www.holacms.de/?content=changelog

- Vulnerability Information

HolaCMS directory traversal vulnerability
Medium severity  Path traversal
2005-05-02 00:00:00 2005-10-20 00:00:00
Remote

- Advisories and Patches

        No data available

- Vulnerability Information

HolaCMS Voting Module Directory Traversal Remote File Corruption Vulnerability
Input Validation Error 12799
Yes No
2005-03-13 12:00:00 2009-07-12 10:56:00
Discovery is credited to Virginity Security.

- Affected Software Versions

Hola HolaCMS 1.4.9 -1
Hola HolaCMS 1.4.9
Hola HolaCMS 1.4.8
Hola HolaCMS 1.4.7
Hola HolaCMS 1.4.6
Hola HolaCMS 1.4.5
Hola HolaCMS 1.4.4
Hola HolaCMS 1.4.3
Hola HolaCMS 1.4.2 a
Hola HolaCMS 1.4.2
Hola HolaCMS 1.4.1
Hola HolaCMS 1.4
Hola HolaCMS 1.2.10
Hola HolaCMS 1.2.9

- Discussion

HolaCMS is prone to a vulnerability that may allow remote users to corrupt files on the server.

This issue is similar to the vulnerability described in BID 12789 (HolaCMS Voting Module Remote File Corruption Vulnerability). It is reported that HolaCMS 1.4.9-1, which was released to address the issue in BID 12789, is still vulnerable to a variant of that issue.

Specifically, an attacker can bypass the fix introduced in HolaCMS 1.4.9-1 by including directory traversal sequences in the path to a target file.

HolaCMS 1.4.9-1 and prior versions are affected by this issue.
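
The following added example (not HolaCMS code and not part of the original advisory) contrasts a string-prefix directory check with one that collapses ".." before comparing. It assumes the bypassed check behaved like a prefix comparison, which the advisory does not confirm; the function names and the poll file names are hypothetical.

```python
import posixpath

VOTES_DIR = "holaDB/votes"  # directory named in the advisory


def naive_is_allowed(vote_filename: str) -> bool:
    """Assumed model of the bypassed check: compare the raw string prefix only."""
    return vote_filename.startswith(VOTES_DIR + "/")


def strict_is_allowed(vote_filename: str, base: str = VOTES_DIR) -> bool:
    """Collapse '.' and '..' segments first, then require the result to stay under base."""
    # Reject NUL bytes, backslash separators and absolute paths outright.
    if "\x00" in vote_filename or "\\" in vote_filename:
        return False
    if vote_filename.startswith("/"):
        return False
    resolved = posixpath.normpath(vote_filename)
    base_norm = posixpath.normpath(base)
    # The trailing "/" stops a sibling such as "holaDB/votes_old" from matching.
    return resolved.startswith(base_norm + "/")


# Constructed sample values, except the second, which is the value shown on this page.
SAMPLES = [
    "holaDB/votes/poll1.txt",
    "holaDB/votes/../../admin/multiuser/multiuser.php",
    "holaDB/votes/sub/../poll2.txt",
    "holaDB/votes_old/poll1.txt",
    "/etc/hostname",
]


def compare(samples):
    """Return (value, naive verdict, strict verdict) for each sample."""
    return [(s, naive_is_allowed(s), strict_is_allowed(s)) for s in samples]


if __name__ == "__main__":
    for value, naive, strict in compare(SAMPLES):
        print(f"{value!r:60} naive={naive!s:5} strict={strict}")
```

The normalization here is purely lexical and does not follow symlinks; on a real filesystem, resolve the parent directory (for example with os.path.realpath) before comparing, or accept only a bare file name matched against an allowlist pattern.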

- Exploit

The following example was provided using a form to submit a custom HTTP POST to the site:

<form action="http://www.example.com/[site-with-vote].php?vote=1" method="POST">
<input type="hidden" name="vote_filename" value="holaDB/votes/../../admin/multiuser/multiuser.php">
<input type="hidden" name="result" value="0">
<input type="submit" value="Stimme abgeben" name="button">
</form>

- Solution

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.
