{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-11-04T00:00:00", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in main.php in Merethis Centreon before 2.3.2 allows remote authenticated users to execute arbitrary commands via a .. (dot dot) in the command_name parameter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2012-02-14T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-017.txt"}, {"name": "8530", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/8530"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-4431", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in main.php in Merethis Centreon before 2.3.2 allows remote authenticated users to execute arbitrary commands via a .. (dot dot) in the command_name parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-017.txt", "refsource": "MISC", "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-017.txt"}, {"name": "8530", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/8530"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-4431", "datePublished": "2011-11-10T00:00:00", "dateReserved": "2011-11-09T00:00:00", "dateUpdated": "2012-02-14T10:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:merethis:centreon:*:*:*:*:*:*:*:*", "matchCriteriaId": "45C2952F-A22C-465A-BA6F-A59938932557", "versionEndIncluding": "2.3.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:merethis:centreon:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "61975AFA-B0B2-4B19-B208-146B2E71B737", "vulnerable": true}, {"criteria": "cpe:2.3:a:merethis:centreon:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "1C9B3720-9430-49F7-9E81-A8BB2528E934", "vulnerable": true}, {"criteria": "cpe:2.3:a:merethis:centreon:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "B2A44136-88C1-4CE5-A579-BD7DB1413E68", "vulnerable": true}, {"criteria": "cpe:2.3:a:merethis:centreon:1.4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "E1EA5A52-9234-4A8E-8E84-6D197CB9946F", "vulnerable": true}, {"criteria": "cpe:2.3:a:merethis:centreon:1.4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "B5EA670B-897B-4369-AA19-C3052CCE91E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:merethis:centreon:1.4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "E56A4852-61E8-4F43-B81F-4C8727082F85", "vulnerable": true}, {"criteria": "cpe:2.3:a:merethis:centreon:1.4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "3F38A5EB-A69E-4567-8DBF-8C438DE66D97", "vulnerable": true}, {"criteria": "cpe:2.3:a:merethis:centreon:1.4.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "E62C0AA6-EABE-4926-A4DA-CD471D88C068", "vulnerable": true}, {"criteria": "cpe:2.3:a:merethis:centreon:1.4.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "C3A02C2E-AA16-4669-B77E-554B27478D91", "vulnerable": true}, {"criteria": "cpe:2.3:a:merethis:centreon:1.4.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "C8F3C43F-3277-4162-B025-7FCBF7A79FAB", "vulnerable": true}, {"criteria": "cpe:2.3:a:merethis:centreon:2.0:b2:*:*:*:*:*:*", "matchCriteriaId": "97BB2893-02DC-4C49-B9CA-E9DEF3211C59", "vulnerable": true}, {"criteria": "cpe:2.3:a:merethis:centreon:2.0:b3:*:*:*:*:*:*", "matchCriteriaId": "9ADD46A2-80D7-49DD-A36D-BC5AAE01FAAF", "vulnerable": true}, {"criteria": "cpe:2.3:a:merethis:centreon:2.0:b4:*:*:*:*:*:*", "matchCriteriaId": "F41E4FC5-0031-41A9-820C-C63FF54E0B4D", "vulnerable": true}, {"criteria": "cpe:2.3:a:merethis:centreon:2.0:b5:*:*:*:*:*:*", "matchCriteriaId": "2DD77DAA-E499-4064-B717-42EA1950C028", "vulnerable": true}, {"criteria": "cpe:2.3:a:merethis:centreon:2.0:b6:*:*:*:*:*:*", "matchCriteriaId": "4BDC54B9-1955-4849-A6A1-F850931EED7F", "vulnerable": true}, {"criteria": "cpe:2.3:a:merethis:centreon:2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "CEC41A81-F8D2-44C7-B56E-C62918FFE0ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:merethis:centreon:2.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "C2FA1001-D1A6-4226-A724-6FF13F040314", "vulnerable": true}, {"criteria": "cpe:2.3:a:merethis:centreon:2.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "A6A75F22-4D95-4F5B-820F-C15767ADE928", "vulnerable": true}, {"criteria": "cpe:2.3:a:merethis:centreon:2.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "9DD571A7-C921-48A9-8974-F9D2F03F7CB5", "vulnerable": true}, {"criteria": "cpe:2.3:a:merethis:centreon:2.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "47EE53E4-8F0F-4F54-A392-347D2A044B57", "vulnerable": true}, {"criteria": "cpe:2.3:a:merethis:centreon:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7E9A1D39-6124-4E6A-81B1-24674BEF6588", "vulnerable": true}, {"criteria": "cpe:2.3:a:merethis:centreon:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "A38C74D1-7D54-4460-B819-0E935D664FDB", "vulnerable": true}, {"criteria": "cpe:2.3:a:merethis:centreon:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "573D2183-3605-4589-86B9-2CAE570B968C", "vulnerable": true}, {"criteria": "cpe:2.3:a:merethis:centreon:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "6BF59787-CC19-4C94-B0FA-CD358B286357", "vulnerable": true}, {"criteria": "cpe:2.3:a:merethis:centreon:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "C23A7BA9-076B-4F2E-BF75-61E4717125A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:merethis:centreon:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "38843FE3-2FB0-4A2A-B912-E9A032938553", "vulnerable": true}, {"criteria": "cpe:2.3:a:merethis:centreon:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "643D44B4-8B03-4EA0-A7CD-28E232581F67", "vulnerable": true}, {"criteria": "cpe:2.3:a:merethis:centreon:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "A3DD7744-B87D-470F-9CC0-6054607340D7", "vulnerable": true}, {"criteria": "cpe:2.3:a:merethis:centreon:2.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "EF20BFD5-B506-4307-9139-F03ABF40EB96", "vulnerable": true}, {"criteria": "cpe:2.3:a:merethis:centreon:2.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "08081603-AD02-489B-8997-A507B5C0258D", "vulnerable": true}, {"criteria": "cpe:2.3:a:merethis:centreon:2.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "35C125B6-B9CE-4CC2-BDDB-C4662A0E49A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:merethis:centreon:2.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "7E71E0C7-4699-4211-B4E8-8365EE23F417", "vulnerable": true}, {"criteria": "cpe:2.3:a:merethis:centreon:2.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "36179BA7-13B4-4536-8F23-85D02987946A", "vulnerable": true}, {"criteria": "cpe:2.3:a:merethis:centreon:2.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "1FD1A7E5-732F-4D81-893B-4314552F21D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:merethis:centreon:2.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "D73CA4BF-87F8-4121-B4E0-C77389140A1C", "vulnerable": true}, {"criteria": "cpe:2.3:a:merethis:centreon:2.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "5144B2D2-63CE-43A6-8ED5-489C7C813CB2", "vulnerable": true}, {"criteria": "cpe:2.3:a:merethis:centreon:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "31F62BA5-CD84-4BF4-8FA4-090F5204078B", "vulnerable": true}, {"criteria": "cpe:2.3:a:merethis:centreon:2.2:b1:*:*:*:*:*:*", "matchCriteriaId": "E820AD82-824A-450C-9F43-CE687DD0C958", "vulnerable": true}, {"criteria": "cpe:2.3:a:merethis:centreon:2.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "717E8961-B598-41AB-9319-4E6EA0023FF4", "vulnerable": true}, {"criteria": "cpe:2.3:a:merethis:centreon:2.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "C0301884-6130-48F3-9A78-75BCB810601E", "vulnerable": true}, {"criteria": "cpe:2.3:a:merethis:centreon:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FF3150EE-5077-468D-A808-4FD5EA6499CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:merethis:centreon:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "F9377F38-FF3B-43B9-AE24-6FEB84B0997F", "vulnerable": true}, {"criteria": "cpe:2.3:a:merethis:centreon:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "EFEF7D25-68E3-491E-9090-2D7D7F07983D", "vulnerable": true}, {"criteria": "cpe:2.3:a:merethis:centreon:2.3.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "9EFCB141-6231-4A95-AF65-8E80AB3960AC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in main.php in Merethis Centreon before 2.3.2 allows remote authenticated users to execute arbitrary commands via a .. (dot dot) in the command_name parameter."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en main.php en Merethis Centreon antes de v2.3.2 permite a usuarios autenticados remotamente ejecutar comandos de su elecci\u00f3n a trav\u00e9s de .. (punto punto) en el par\u00e1metro command_name"}], "id": "CVE-2011-4431", "lastModified": "2012-02-14T04:09:57.853", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-11-10T00:55:00.883", "references": [{"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/8530"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-017.txt"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}