CVE-2010-4282

Multiple directory traversal vulnerabilities in Pandora FMS before 3.1.1 allow remote attackers to include and execute arbitrary local files via (1) the page parameter to ajax.php or (2) the id parameter to general/pandora_help.php, and allow remote attackers to include and execute, create, modify, or delete arbitrary local files via (3) the layout parameter to operation/agentes/networkmap.php.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.exploit-db.com/exploits/15643	Exploit
http://sourceforge.net/projects/pandora/files/Pandora%20FMS%203.1/Final%20version%20%28Stable%29/pandorafms_console-3.1_security_patch_13Oct2010.tar.gz/download	Patch
http://www.securityfocus.com/bid/45112	Patch
http://seclists.org/fulldisclosure/2010/Nov/326
http://osvdb.org/69545
http://osvdb.org/69544
http://osvdb.org/69543
http://secunia.com/advisories/42347
http://www.securityfocus.com/archive/1/514939/100/0/threaded

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:artica:pandora_fms:3.0:::::::*
	cpe:2.3:a:artica:pandora_fms:3.1:rc1::::::
	cpe:2.3:a:artica:pandora_fms::::::::
	cpe:2.3:a:artica:pandora_fms:2.0:::::::*
	cpe:2.3:a:artica:pandora_fms:2.1:::::::*
	cpe:2.3:a:artica:pandora_fms:2.1.1:::::::*
	cpe:2.3:a:artica:pandora_fms:1.3:beta1::::::
	cpe:2.3:a:artica:pandora_fms:1.3:beta2::::::
	cpe:2.3:a:artica:pandora_fms:3.0:rc2::::::
	cpe:2.3:a:artica:pandora_fms:3.0:rc1::::::
	cpe:2.3:a:artica:pandora_fms:2.0:beta::::::
	cpe:2.3:a:artica:pandora_fms:1.3:beta::::::
	cpe:2.3:a:artica:pandora_fms:1.2:::::::*
	cpe:2.3:a:artica:pandora_fms:1.3:beta3::::::
	cpe:2.3:a:artica:pandora_fms:1.3:::::::*
	cpe:2.3:a:artica:pandora_fms:1.3.1:::::::*

Information

Published : 2010-12-02 09:15

Updated : 2018-10-10 13:07

NVD link : CVE-2010-4282

Mitre link : CVE-2010-4282

JSON object : View

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Advertisement

Products Affected

artica

pandora_fms

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.exploit-db.com/exploits/15643", "name": "15643", "tags": ["Exploit"], "refsource": "EXPLOIT-DB"}, {"url": "http://sourceforge.net/projects/pandora/files/Pandora%20FMS%203.1/Final%20version%20%28Stable%29/pandorafms_console-3.1_security_patch_13Oct2010.tar.gz/download", "name": "http://sourceforge.net/projects/pandora/files/Pandora%20FMS%203.1/Final%20version%20%28Stable%29/pandorafms_console-3.1_security_patch_13Oct2010.tar.gz/download", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/45112", "name": "45112", "tags": ["Patch"], "refsource": "BID"}, {"url": "http://seclists.org/fulldisclosure/2010/Nov/326", "name": "20101130 Pandora FMS Authentication Bypass and Multiple\tInput Validation Vulnerabilities", "tags": [], "refsource": "FULLDISC"}, {"url": "http://osvdb.org/69545", "name": "69545", "tags": [], "refsource": "OSVDB"}, {"url": "http://osvdb.org/69544", "name": "69544", "tags": [], "refsource": "OSVDB"}, {"url": "http://osvdb.org/69543", "name": "69543", "tags": [], "refsource": "OSVDB"}, {"url": "http://secunia.com/advisories/42347", "name": "42347", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/archive/1/514939/100/0/threaded", "name": "20101130 Pandora FMS Authentication Bypass and Multiple Input Validation Vulnerabilities", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple directory traversal vulnerabilities in Pandora FMS before 3.1.1 allow remote attackers to include and execute arbitrary local files via (1) the page parameter to ajax.php or (2) the id parameter to general/pandora_help.php, and allow remote attackers to include and execute, create, modify, or delete arbitrary local files via (3) the layout parameter to operation/agentes/networkmap.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-22"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2010-4282", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2010-12-02T17:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:artica:pandora_fms:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:artica:pandora_fms:3.1:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "3.1"}, {"cpe23Uri": "cpe:2.3:a:artica:pandora_fms:2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:artica:pandora_fms:2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:artica:pandora_fms:2.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:artica:pandora_fms:1.3:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:artica:pandora_fms:1.3:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:artica:pandora_fms:3.0:rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:artica:pandora_fms:3.0:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:artica:pandora_fms:2.0:beta:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:artica:pandora_fms:1.3:beta:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:artica:pandora_fms:1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:artica:pandora_fms:1.3:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:artica:pandora_fms:1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:artica:pandora_fms:1.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-10T20:07Z"}