CVE-2010-0620

Directory traversal vulnerability in the SSL Service in EMC HomeBase Server 6.2.x before 6.2.3 and 6.3.x before 6.3.2 allows remote attackers to overwrite arbitrary files with any content, and consequently execute arbitrary code, via a .. (dot dot) in an unspecified parameter.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.vupen.com/english/advisories/2010/0458	Vendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-10-020/
http://www.securityfocus.com/bid/38380	Exploit
http://securityreason.com/securityalert/8230
http://www.securityfocus.com/archive/1/509723/100/0/threaded

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:emc:homebase_server:6.2:::::::*
	cpe:2.3:a:emc:homebase_server:6.3:::::::*

Information

Published : 2010-02-24 16:30

Updated : 2018-10-10 12:53

NVD link : CVE-2010-0620

Mitre link : CVE-2010-0620

JSON object : View

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Products Affected

emc

homebase_server

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.vupen.com/english/advisories/2010/0458", "name": "ADV-2010-0458", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-020/", "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-020/", "tags": [], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/38380", "name": "38380", "tags": ["Exploit"], "refsource": "BID"}, {"url": "http://securityreason.com/securityalert/8230", "name": "8230", "tags": [], "refsource": "SREASON"}, {"url": "http://www.securityfocus.com/archive/1/509723/100/0/threaded", "name": "20100224 ESA-2010-003: EMC HomeBase Server Arbitrary File Upload Vulnerability", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Directory traversal vulnerability in the SSL Service in EMC HomeBase Server 6.2.x before 6.2.3 and 6.3.x before 6.3.2 allows remote attackers to overwrite arbitrary files with any content, and consequently execute arbitrary code, via a .. (dot dot) in an unspecified parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-22"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2010-0620", "ASSIGNER": "secure@dell.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2010-02-25T00:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:emc:homebase_server:6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:emc:homebase_server:6.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-10T19:53Z"}

9.3 /10