Vulnerability Description
Multiple directory traversal vulnerabilities in BarracudaDrive Web Server before 3.8 allow (1) remote attackers to read arbitrary files via certain ..\ (dot dot backslash) sequences in the URL path, or (2) remote authenticated users to delete arbitrary files or create arbitrary directories via a ..\ (dot dot backslash) sequence in the dir parameter to /drive/c/bdusers/USER/.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Real Time Logic | BarracudaDrive Web Server | 3.7.2 |
| Real Time Logic | BarracudaDrive Web Server Home Server | 3.7.2 |
Related Weaknesses (CWE)
References
- http://aluigi.altervista.org/adv/barradrive-adv.txt (Exploit)
- http://secunia.com/advisories/28032 (Vendor Advisory)
- http://securityreason.com/securityalert/3434
- http://www.securityfocus.com/archive/1/484833/100/0/threaded
- http://www.securityfocus.com/bid/26805 (Exploit, Patch)
FAQ
What is CVE-2007-6317?
CVE-2007-6317 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Multiple directory traversal vulnerabilities in BarracudaDrive Web Server before 3.8 allow (1) remote attackers to read arbitrary files via certain ..\ (dot dot backslash) sequences in the URL path, o...
How severe is CVE-2007-6317?
CVE-2007-6317 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-6317?
Check the references section above for vendor advisories and patch information. Affected products include: Real Time Logic BarracudaDrive Web Server, Real Time Logic BarracudaDrive Web Server Home Server.