PT-2007-3299 · Archivexpert · Archivexpert

Publicado

2007-04-11

Atualizado

2017-07-29

CVE-2007-1954

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions ArchiveXpert version 2.02 build 80

Description The issue allows remote attackers to create files in arbitrary directories via a .. (dot dot) in various archive file types, including .gz, .jar, .rar, .tar.gz, .zip, and .tar files.

Recommendations For ArchiveXpert version 2.02 build 80, consider restricting the ability to upload or process archive files until a patch is available. As a temporary workaround, limit access to sensitive directories to minimize the risk of exploitation.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2007-1954

Produtos afetados

Archivexpert

PT-2007-3299 · Archivexpert · Archivexpert

CVE-2007-1954

Identificadores relacionados

Produtos afetados

Referências · 6