Vulnerability Description
Directory traversal vulnerability in session.rb in Hiki 0.8.0 through 0.8.6 allows remote attackers to delete arbitrary files via directory traversal sequences in the session ID, which is matched against an insufficiently restrictive regular expression before it is used to construct a filename that is marked for deletion at logout.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hiki | Hiki | 0.8.0 |
Related Weaknesses (CWE)
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=430691
- http://hikiwiki.org/en/advisory20070624.html
- http://hikiwiki.org/hiki-0_8_6.patch
- http://jvn.jp/jp/JVN%2305187780/index.html
- http://osvdb.org/37469
- http://secunia.com/advisories/25764PatchVendor Advisory
- http://secunia.com/advisories/25874PatchVendor Advisory
- http://www.debian.org/security/2007/dsa-1324
- http://www.securityfocus.com/bid/24603
- http://www.vupen.com/english/advisories/2007/2304
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35029
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=430691
- http://hikiwiki.org/en/advisory20070624.html
- http://hikiwiki.org/hiki-0_8_6.patch
- http://jvn.jp/jp/JVN%2305187780/index.html
FAQ
What is CVE-2007-2836?
CVE-2007-2836 is a vulnerability with a CVSS score of 6.4 (MEDIUM). Directory traversal vulnerability in session.rb in Hiki 0.8.0 through 0.8.6 allows remote attackers to delete arbitrary files via directory traversal sequences in the session ID, which is matched agai...
How severe is CVE-2007-2836?
CVE-2007-2836 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-2836?
Check the references section above for vendor advisories and patch information. Affected products include: Hiki Hiki.