CVE-2008-0656 - OpenCVE

Unrestricted file upload vulnerability in dmclTrace.jsp in EMC Documentum Administrator 5.3.0.313 and Webtop 5.3.0.317 allows remote attackers to overwrite arbitrary files via the filename attribute.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Emc	Documentum Webtop Documentum Administrator

Configuration 1 [-]

OR	cpe:2.3:a:emc:documentum_administrator:4.2.8:::::::*
	cpe:2.3:a:emc:documentum_administrator:5.2.5:::::::*
	cpe:2.3:a:emc:documentum_administrator:5.2.5_sp2:::::::*
	cpe:2.3:a:emc:documentum_administrator:5.3.0.313:::::::*
	cpe:2.3:a:emc:documentum_webtop:5.2.5:::::::*
	cpe:2.3:a:emc:documentum_webtop:5.2.5_sp2:::::::*
	cpe:2.3:a:emc:documentum_webtop:5.3.0.317:::::::*

References

Link	Resource
http://secunia.com/advisories/28810	Vendor Advisory
http://securityreason.com/securityalert/3626
http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_Documentum_dmclTrace_Arbitrary_file_overwrite.pdf
http://www.securityfocus.com/archive/1/487603/100/0/threaded
http://www.securityfocus.com/bid/27632
http://www.securitytracker.com/id?1019305
http://www.vupen.com/english/advisories/2008/0439

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2008-02-07T20:00:00

Updated: 2018-10-15T20:57:01

Reserved: 2008-02-07T00:00:00

Link: CVE-2008-0656

JSON object: View

NVD Information

Status : Modified

Published: 2008-02-07T21:00:00.000

Modified: 2018-10-15T22:02:21.103

Link: CVE-2008-0656

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-02-05T00:00:00", "descriptions": [{"lang": "en", "value": "Unrestricted file upload vulnerability in dmclTrace.jsp in EMC Documentum Administrator 5.3.0.313 and Webtop 5.3.0.317 allows remote attackers to overwrite arbitrary files via the filename attribute."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_Documentum_dmclTrace_Arbitrary_file_overwrite.pdf"}, {"name": "1019305", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1019305"}, {"name": "28810", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28810"}, {"name": "ADV-2008-0439", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/0439"}, {"name": "27632", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/27632"}, {"name": "3626", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/3626"}, {"name": "20080205 CYBSEC Security Advisory: Arbitrary file overwrite in Documentum Administrator / Documentum Webtop", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/487603/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-0656", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unrestricted file upload vulnerability in dmclTrace.jsp in EMC Documentum Administrator 5.3.0.313 and Webtop 5.3.0.317 allows remote attackers to overwrite arbitrary files via the filename attribute."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_Documentum_dmclTrace_Arbitrary_file_overwrite.pdf", "refsource": "MISC", "url": "http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_Documentum_dmclTrace_Arbitrary_file_overwrite.pdf"}, {"name": "1019305", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019305"}, {"name": "28810", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28810"}, {"name": "ADV-2008-0439", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0439"}, {"name": "27632", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27632"}, {"name": "3626", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3626"}, {"name": "20080205 CYBSEC Security Advisory: Arbitrary file overwrite in Documentum Administrator / Documentum Webtop", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/487603/100/0/threaded"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-0656", "datePublished": "2008-02-07T20:00:00", "dateReserved": "2008-02-07T00:00:00", "dateUpdated": "2018-10-15T20:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:emc:documentum_administrator:4.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "3B830D50-91F4-40D7-8886-0355A5AD4FCF", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:documentum_administrator:5.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "6B666EFE-3B3D-400E-A792-BB037D120BBB", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:documentum_administrator:5.2.5_sp2:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCBD37-E635-4B26-B18B-2665CC01EFD8", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:documentum_administrator:5.3.0.313:*:*:*:*:*:*:*", "matchCriteriaId": "269728EC-2AC7-4543-9D83-10AE44F85041", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:documentum_webtop:5.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "7FB76F58-E214-4275-91B2-3ABBCA94DCA0", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:documentum_webtop:5.2.5_sp2:*:*:*:*:*:*:*", "matchCriteriaId": "FBF739EC-CBE5-4EA7-A793-12C53F51E53C", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:documentum_webtop:5.3.0.317:*:*:*:*:*:*:*", "matchCriteriaId": "4ACB957D-EDE7-4DAF-A010-7EDE45BD0B24", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Unrestricted file upload vulnerability in dmclTrace.jsp in EMC Documentum Administrator 5.3.0.313 and Webtop 5.3.0.317 allows remote attackers to overwrite arbitrary files via the filename attribute."}, {"lang": "es", "value": "Vulnerabilidad de actualizaci\u00f3n de archivos sin restringir en dmclTrace.jsp en Documentum Administrator 5.3.0.313 y Webtop 5.3.0.317 permite a atacantes remotos sobrescribir archivos no especificados a trav\u00e9s del atributo filename."}], "id": "CVE-2008-0656", "lastModified": "2018-10-15T22:02:21.103", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-02-07T21:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28810"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3626"}, {"source": "cve@mitre.org", "url": "http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_Documentum_dmclTrace_Arbitrary_file_overwrite.pdf"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/487603/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/27632"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1019305"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0439"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}