Vulnerability Description
Absolute path traversal vulnerability in cantata before 1.2.2 allows local users to read arbitrary files via a full pathname in a request to the internal httpd server. NOTE: this vulnerability can be leveraged by remote attackers using CVE-2013-7301.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Craig Drummond | Cantata | <= 1.2.1 |
Related Weaknesses (CWE)
References
- http://seclists.org/oss-sec/2014/q1/121
- http://seclists.org/oss-sec/2014/q1/124
- https://code.google.com/p/cantata/issues/detail?id=356 (Exploit)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90580
FAQ
What is CVE-2013-7300?
CVE-2013-7300 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Absolute path traversal vulnerability in cantata before 1.2.2 allows local users to read arbitrary files via a full pathname in a request to the internal httpd server. NOTE: this vulnerability can be...
How severe is CVE-2013-7300?
CVE-2013-7300 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-7300?
Check the references section above for vendor advisories and patch information. Affected products include: Craig Drummond Cantata.