Vulnerability Description
Directory traversal vulnerability in pdesk.cgi in PerlDesk allows remote attackers to read portions of arbitrary files and possibly execute arbitrary Perl modules via ".." sequences terminated by a %00 (null) character in the lang parameter, which can leak portions of the requested files if a compilation error message occurs.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Logicnow | Perldesk | All versions |
References
- http://marc.info/?l=bugtraq&m=109509026406554&w=2
- http://secunia.com/advisories/12512ExploitPatchVendor Advisory
- http://www.securityfocus.com/bid/11160ExploitVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19712
- http://marc.info/?l=bugtraq&m=109509026406554&w=2
- http://secunia.com/advisories/12512ExploitPatchVendor Advisory
- http://www.securityfocus.com/bid/11160ExploitVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19712
FAQ
What is CVE-2004-1678?
CVE-2004-1678 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Directory traversal vulnerability in pdesk.cgi in PerlDesk allows remote attackers to read portions of arbitrary files and possibly execute arbitrary Perl modules via ".." sequences terminated by a %0...
How severe is CVE-2004-1678?
CVE-2004-1678 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-1678?
Check the references section above for vendor advisories and patch information. Affected products include: Logicnow Perldesk.