CVE-2006-0347

Current Description

Directory traversal vulnerability in ELOG before 2.6.1 allows remote attackers to access arbitrary files outside of the elog directory via "../" (dot dot) sequences in the URL.

Basic Data

Published: January 21, 2006
Last Modified: July 20, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 5.0
Severity: MEDIUM
Exploitability Score: 10.0
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
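    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Application | Stefan Ritt | Elog Web Logbook | 2.0.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Stefan Ritt | Elog Web Logbook | 2.0.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Stefan Ritt | Elog Web Logbook | 2.0.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Stefan Ritt | Elog Web Logbook | 2.0.3 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Stefan Ritt | Elog Web Logbook | 2.0.4 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Stefan Ritt | Elog Web Logbook | 2.0.5 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Stefan Ritt | Elog Web Logbook | 2.1.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Stefan Ritt | Elog Web Logbook | 2.1.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Stefan Ritt | Elog Web Logbook | 2.1.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Stefan Ritt | Elog Web Logbook | 2.1.3 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Stefan Ritt | Elog Web Logbook | 2.2.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Stefan Ritt | Elog Web Logbook | 2.2.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Stefan Ritt | Elog Web Logbook | 2.2.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Stefan Ritt | Elog Web Logbook | 2.2.3 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Stefan Ritt | Elog Web Logbook | 2.2.4 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Stefan Ritt | Elog Web Logbook | 2.4 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Stefan Ritt | Elog Web Logbook | 2.5 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Stefan Ritt | Elog Web Logbook | 2.5.6 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Stefan Ritt | Elog Web Logbook | 2.5.7 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Stefan Ritt | Elog Web Logbook | 2.6.0 | * | * | * | * | * | * | * | | | | |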

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Stefan Ritt | Elog Web Logbook | 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.4, 2.5, 2.5.6, 2.5.7, 2.6.0 |

References

| Name | Source | URL | Tags |
|---|---|---|---|
| http://midas.psi.ch/elog/download/ChangeLog | MISC | http://midas.psi.ch/elog/download/ChangeLog | |
| 18533 | SECUNIA | http://secunia.com/advisories/18533 | Patch, Vendor Advisory |
| 18783 | SECUNIA | http://secunia.com/advisories/18783 | |
| DSA-967 | DEBIAN | http://www.debian.org/security/2006/dsa-967 | |
| 22647 | OSVDB | http://www.osvdb.org/22647 | |
| 16315 | BID | http://www.securityfocus.com/bid/16315 | Patch |
| ADV-2006-0262 | VUPEN | http://www.vupen.com/english/advisories/2006/0262 | |
| elog-dotdot-directory-traversal(24224) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/24224 | |