Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2007-2836

Date: July 2, 2007

Directory traversal vulnerability in session.rb in Hiki 0.8.0 through 0.8.6 allows remote attackers to delete arbitrary files via directory traversal sequences in the session ID, which is matched against an insufficiently restrictive regular expression before it is used to construct a filename that is marked for deletion at logout.

Severity Score

Related Resources (14)

https://people.canonical.com/~ubuntu-security/cve/CVE-2007-2836
http://hikiwiki.org/en/advisory20070624.html
http://www.debian.org/security/2007/dsa-1324
http://www.securityfocus.com/bid/24603
https://nvd.nist.gov/vuln/detail/CVE-2007-2836
http://hikiwiki.org/hiki-0_8_6.patch
http://www.vupen.com/english/advisories/2007/2304
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=430691
http://jvn.jp/jp/JVN%2305187780/index.html
http://osvdb.org/37469
http://secunia.com/advisories/25874
http://secunia.com/advisories/25764
https://exchange.xforce.ibmcloud.com/vulnerabilities/35029
https://www.mend.io/vulnerability-database/CVE-2007-2836

Severity Score

Weakness Type (CWE)

Path Traversal

CWE-22

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): LOW
Availability (A): LOW

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): NONE
Integrity (I): PARTIAL
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us