Vulnerability Description
Directory traversal vulnerability in the TFTP server in Kiwi CatTools before 3.2.0 beta allows remote attackers to read arbitrary files, and upload files to arbitrary locations, via ..// (dot dot) sequences in the pathname argument to an FTP (1) GET or (2) PUT command.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kiwi Enterprises | Kiwi Cattools | All versions |
References
- http://secunia.com/advisories/24103
- http://securityreason.com/securityalert/2236
- http://www.kiwisyslog.com/kb/idx/5/178/article/
- http://www.osvdb.org/33162
- http://www.securityfocus.com/archive/1/459500/100/0/threaded
- http://www.securityfocus.com/archive/1/459933/100/0/threaded
- http://www.securityfocus.com/bid/22490
- http://www.vupen.com/english/advisories/2007/0536
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32398
- http://secunia.com/advisories/24103
- http://securityreason.com/securityalert/2236
- http://www.kiwisyslog.com/kb/idx/5/178/article/
- http://www.osvdb.org/33162
- http://www.securityfocus.com/archive/1/459500/100/0/threaded
- http://www.securityfocus.com/archive/1/459933/100/0/threaded
FAQ
What is CVE-2007-0888?
CVE-2007-0888 is a vulnerability with a CVSS score of 10.0 (HIGH). Directory traversal vulnerability in the TFTP server in Kiwi CatTools before 3.2.0 beta allows remote attackers to read arbitrary files, and upload files to arbitrary locations, via ..// (dot dot) seq...
How severe is CVE-2007-0888?
CVE-2007-0888 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-0888?
Check the references section above for vendor advisories and patch information. Affected products include: Kiwi Enterprises Kiwi Cattools.