Vulnerability Description
Multiple directory traversal vulnerabilities in LogiSphere 0.9.9j allow remote attackers to access arbitrary files via (1) .. (dot dot), (2) "..." (triple dot), and (3) "..//" sequences in the URL, (4) "../" sequences in the source parameter to viewsource.jsp, or (5) "..\" (dot dot backslash) sequences in the NS-query-pat parameter to the search URL. URL.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Logisphere | Logisphere | 0.9.9j |
References
- http://secunia.com/advisories/17989Vendor Advisory
- http://www.ipomonis.com/advisories/logisphere_server.zip
- http://www.securityfocus.com/bid/15807Exploit
- http://www.vupen.com/english/advisories/2005/2840
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23552
- http://secunia.com/advisories/17989Vendor Advisory
- http://www.ipomonis.com/advisories/logisphere_server.zip
- http://www.securityfocus.com/bid/15807Exploit
- http://www.vupen.com/english/advisories/2005/2840
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23552
FAQ
What is CVE-2005-4202?
CVE-2005-4202 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Multiple directory traversal vulnerabilities in LogiSphere 0.9.9j allow remote attackers to access arbitrary files via (1) .. (dot dot), (2) "..." (triple dot), and (3) "..//" sequences in the URL, (4...
How severe is CVE-2005-4202?
CVE-2005-4202 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-4202?
Check the references section above for vendor advisories and patch information. Affected products include: Logisphere Logisphere.