CuteNews <= 1.4.1 Directory Traversal Arbitrary File Access

Medium Nessus Network Monitor Plugin ID 3279

Synopsis

The remote host is running a version of CuteNews that allows an attacker to upload or download files outside of the web root directory.

Description

According to its version number, the remote host is running a version of CuteNews that allows an attacker to upload or download files outside of the web root directory, which affects both confidentiality and integrity. An attacker exploiting this flaw would simply send a malformed request whose file path contains '../' sequences. Successful exploitation leads to reading or writing arbitrary files outside of the web root.

Solution

Upgrade to a version of CuteNews later than 1.4.1.

See Also

http://cutephp.com/cutenews

Plugin Details

Severity: Medium

ID: 3279

Family: Web Servers

Published: 2005/11/03

Modified: 2018/07/11

Dependencies: 1442

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5

Temporal Score: 4.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:F/RL:W/RC:ND

CVSSv3

Base Score: 5.3

Temporal Score: 5

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS3#E:F/RL:W/RC:X

Vulnerability Information

CPE: cpe:/a:cutephp:cutenews

Reference Information

CVE: CVE-2006-1340, CVE-2006-1339, CVE-2005-3507

BID: 17152, 15295