PT-2002-2771 · Modlogan · Modlogan
Published: 2002-12-31 · Updated: 2008-09-05 · CVE-2002-2050
CVSS v2.0: 2.1 (Low)
Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
ModLogAn versions 0.5.0 through 0.7.11
Description
A directory traversal issue exists in the processor web plugin for ModLogAn when used with the splitby option, allowing local users to overwrite arbitrary files by including a .. (dot dot) in the hostname of a log entry.
Recommendations
For ModLogAn versions 0.5.0 through 0.7.11, consider disabling the splitby option in the processor web plugin as a temporary workaround until a patch is available. Restrict access to the processor web plugin to minimize the risk of exploitation. Avoid using the splitby option with untrusted log entries until the issue is resolved.
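The class of check that closes this kind of hole, as an added example that is not ModLogAn's code: it assumes the hostname taken from a log entry becomes a single path component under an output directory. The function names, the base directory `/srv/reports` and the sample hostnames are hypothetical and constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: 1 if `host` may be used as ONE path component, else 0.
 * Allow-list: letters, digits, '-', and single dots between labels. */
int host_is_safe_component(const char *host)
{
    size_t len, i;
    if (host == NULL) return 0;
    len = strlen(host);
    if (len == 0 || len > 253) return 0;
    /* No leading dot or dash, no trailing dot: excludes "." and ".." outright. */
    if (host[0] == '.' || host[0] == '-' || host[len - 1] == '.') return 0;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)host[i];
        if (c == '.') {
            if (host[i + 1] == '.') return 0;   /* empty label, i.e. ".." */
        } else if (!isalnum(c) && c != '-') {
            return 0;                           /* '/', '\\', '%', spaces, ... */
        }
    }
    return 1;
}

/* Writes "<base>/<host>" to out. Returns 0 on success, -1 if the host is
 * rejected or the result would be truncated. */
int build_split_path(char *out, size_t outsz, const char *base, const char *host)
{
    int n;
    if (!host_is_safe_component(host)) return -1;
    n = snprintf(out, outsz, "%s/%s", base, host);
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample hostnames, as they might appear in a log entry. */
    const char *samples[] = { "www.example.org", "../outside", "a..b", "host/x", "" };
    char path[512];
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (build_split_path(path, sizeof path, "/srv/reports", samples[i]) == 0)
            printf("accept  %s\n", path);
        else
            printf("reject  \"%s\"\n", samples[i]);
    }
    return 0;
}
```

Rejecting the whole entry is safer than stripping the offending characters, since a stripped name can collide with a legitimate host's output.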
Fix
Related Identifiers
Affected Products
Modlogan