PT-2007-7288 · Raidenhttpd · Raidenhttpd

Published

2007-12-20

Updated

2018-10-15

CVE-2007-6453

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions RaidenHTTPD version 2.0.19

Description The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ulang parameter when the WebAdmin function is enabled. This is due to a directory traversal vulnerability in the raidenhttpd-admin/workspace.php file.

Recommendations For RaidenHTTPD version 2.0.19, consider disabling the WebAdmin function until a patch is available. As a temporary workaround, restrict access to the ulang parameter in the affected API endpoint to minimize the risk of exploitation.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2007-6453

Affected Products

Raidenhttpd

PT-2007-7288 · Raidenhttpd · Raidenhttpd

CVE-2007-6453

Weakness Enumeration

Related Identifiers

Affected Products

References · 13