CVE-2008-0656

Unrestricted file upload vulnerability in dmclTrace.jsp in EMC Documentum Administrator 5.3.0.313 and Webtop 5.3.0.317 allows remote attackers to overwrite arbitrary files via the filename attribute.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_Documentum_dmclTrace_Arbitrary_file_overwrite.pdf
http://www.securityfocus.com/bid/27632
http://www.securitytracker.com/id?1019305
http://secunia.com/advisories/28810	Vendor Advisory
http://securityreason.com/securityalert/3626
http://www.vupen.com/english/advisories/2008/0439
http://www.securityfocus.com/archive/1/487603/100/0/threaded

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:emc:documentum_administrator:4.2.8:::::::*
	cpe:2.3:a:emc:documentum_webtop:5.2.5_sp2:::::::*
	cpe:2.3:a:emc:documentum_webtop:5.3.0.317:::::::*
	cpe:2.3:a:emc:documentum_administrator:5.3.0.313:::::::*
	cpe:2.3:a:emc:documentum_webtop:5.2.5:::::::*
	cpe:2.3:a:emc:documentum_administrator:5.2.5:::::::*
	cpe:2.3:a:emc:documentum_administrator:5.2.5_sp2:::::::*

Information

Published : 2008-02-07 13:00

Updated : 2018-10-15 15:02

NVD link : CVE-2008-0656

Mitre link : CVE-2008-0656

JSON object : View

CWE

CWE-20

Improper Input Validation

Products Affected

emc

documentum_webtop
documentum_administrator

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_Documentum_dmclTrace_Arbitrary_file_overwrite.pdf", "name": "http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_Documentum_dmclTrace_Arbitrary_file_overwrite.pdf", "tags": [], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/27632", "name": "27632", "tags": [], "refsource": "BID"}, {"url": "http://www.securitytracker.com/id?1019305", "name": "1019305", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/28810", "name": "28810", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://securityreason.com/securityalert/3626", "name": "3626", "tags": [], "refsource": "SREASON"}, {"url": "http://www.vupen.com/english/advisories/2008/0439", "name": "ADV-2008-0439", "tags": [], "refsource": "VUPEN"}, {"url": "http://www.securityfocus.com/archive/1/487603/100/0/threaded", "name": "20080205 CYBSEC Security Advisory: Arbitrary file overwrite in Documentum Administrator / Documentum Webtop", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Unrestricted file upload vulnerability in dmclTrace.jsp in EMC Documentum Administrator 5.3.0.313 and Webtop 5.3.0.317 allows remote attackers to overwrite arbitrary files via the filename attribute."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-20"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2008-0656", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2008-02-07T21:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:emc:documentum_administrator:4.2.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:emc:documentum_webtop:5.2.5_sp2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:emc:documentum_webtop:5.3.0.317:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:emc:documentum_administrator:5.3.0.313:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:emc:documentum_webtop:5.2.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:emc:documentum_administrator:5.2.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:emc:documentum_administrator:5.2.5_sp2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-15T22:02Z"}

10.0 /10