PT-2008-2098 · Web Wiz · Web Wiz Newspad+2

Published: 2008-01-28 · Updated: 2018-10-15 · CVE-2008-0466

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Web Wiz Rich Text Editor version 4.0
Web Wiz Forums version 9.07
Web Wiz Newspad version 1.02

Description

The issue allows remote attackers to list directories and read files without requiring authentication. This can be further exploited to access files outside the configured directory tree by leveraging a separate directory traversal issue.

Recommendations

For Web Wiz Rich Text Editor version 4.0, update the RTE file browser.asp to require authentication.
For Web Wiz Forums version 9.07, restrict access to the RTE file browser.asp file to authenticated users.
For Web Wiz Newspad version 1.02, consider disabling the RTE file browser.asp file until a patch is available that enforces authentication.

Exploit

Fix

Improper Authentication

Weakness Enumeration

Related identifiers

CVE-2008-0466

Affected products

Web Wiz Forums
Web Wiz Newspad
Web Wiz Rich Text Editor