CVE-2013-3514 - OpenCVE

Multiple directory traversal vulnerabilities in OpenX before 2.8.10 revision 82710 allow remote administrators to read arbitrary files via a .. (dot dot) in the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a different vulnerability than CVE-2013-7376. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to read arbitrary files.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Openx	Openx

Configuration 1 [-]

OR	cpe:2.3:a:openx:openx::::::::
	cpe:2.3:a:openx:openx:2.4:::::::*
	cpe:2.3:a:openx:openx:2.4.4:::::::*
	cpe:2.3:a:openx:openx:2.4.5:::::::*
	cpe:2.3:a:openx:openx:2.4.6:::::::*
	cpe:2.3:a:openx:openx:2.4.7:::::::*
	cpe:2.3:a:openx:openx:2.4.8:::::::*
	cpe:2.3:a:openx:openx:2.4.9:::::::*
	cpe:2.3:a:openx:openx:2.4.10:::::::*
	cpe:2.3:a:openx:openx:2.4.11:::::::*
	cpe:2.3:a:openx:openx:2.6.0:::::::*
	cpe:2.3:a:openx:openx:2.6.1:::::::*
	cpe:2.3:a:openx:openx:2.6.2:::::::*
	cpe:2.3:a:openx:openx:2.6.3:::::::*
	cpe:2.3:a:openx:openx:2.6.4:::::::*
	cpe:2.3:a:openx:openx:2.6.5:::::::*
	cpe:2.3:a:openx:openx:2.7.29:::::::*
	cpe:2.3:a:openx:openx:2.8:::::::*
	cpe:2.3:a:openx:openx:2.8.1:::::::*
	cpe:2.3:a:openx:openx:2.8.2:::::::*
	cpe:2.3:a:openx:openx:2.8.3:::::::*
	cpe:2.3:a:openx:openx:2.8.4:::::::*
	cpe:2.3:a:openx:openx:2.8.5:::::::*
	cpe:2.3:a:openx:openx:2.8.6:::::::*
	cpe:2.3:a:openx:openx:2.8.7:::::::*
	cpe:2.3:a:openx:openx:2.8.8:::::::*
	cpe:2.3:a:openx:openx:2.8.9:::::::*

References

Link	Resource
http://osvdb.org/94778
http://seclists.org/bugtraq/2013/Jul/27	Exploit
https://www.htbridge.com/advisory/HTB23155	Exploit

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2014-05-14T19:00:00

Updated: 2014-05-14T18:57:01

Reserved: 2013-05-08T00:00:00

Link: CVE-2013-3514

JSON object: View

NVD Information

Status : Analyzed

Published: 2014-05-14T19:55:09.277

Modified: 2014-05-15T13:01:41.613

Link: CVE-2013-3514

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-07-03T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple directory traversal vulnerabilities in OpenX before 2.8.10 revision 82710 allow remote administrators to read arbitrary files via a .. (dot dot) in the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a different vulnerability than CVE-2013-7376. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to read arbitrary files."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-05-14T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "94778", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/94778"}, {"name": "20130703 Multiple Vulnerabilities in OpenX", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://seclists.org/bugtraq/2013/Jul/27"}, {"tags": ["x_refsource_MISC"], "url": "https://www.htbridge.com/advisory/HTB23155"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-3514", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple directory traversal vulnerabilities in OpenX before 2.8.10 revision 82710 allow remote administrators to read arbitrary files via a .. (dot dot) in the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a different vulnerability than CVE-2013-7376. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to read arbitrary files."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "94778", "refsource": "OSVDB", "url": "http://osvdb.org/94778"}, {"name": "20130703 Multiple Vulnerabilities in OpenX", "refsource": "BUGTRAQ", "url": "http://seclists.org/bugtraq/2013/Jul/27"}, {"name": "https://www.htbridge.com/advisory/HTB23155", "refsource": "MISC", "url": "https://www.htbridge.com/advisory/HTB23155"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-3514", "datePublished": "2014-05-14T19:00:00", "dateReserved": "2013-05-08T00:00:00", "dateUpdated": "2014-05-14T18:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openx:openx:*:*:*:*:*:*:*:*", "matchCriteriaId": "8341B095-E7FF-4B67-9307-DF23DD0A030E", "versionEndIncluding": "2.8.10", "vulnerable": true}, {"criteria": "cpe:2.3:a:openx:openx:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "220D8830-4421-4393-B41F-691A0E465374", "vulnerable": true}, {"criteria": "cpe:2.3:a:openx:openx:2.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "B69A60AF-6FA2-4527-9317-58C581473C66", "vulnerable": true}, {"criteria": "cpe:2.3:a:openx:openx:2.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "53251C77-AED4-40CB-995F-0545148A458E", "vulnerable": true}, {"criteria": "cpe:2.3:a:openx:openx:2.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "2330F4FE-F861-4244-A160-DAB37BE2A1D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:openx:openx:2.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "B997A54E-7F45-4656-A3A7-637547DFEFBC", "vulnerable": true}, {"criteria": "cpe:2.3:a:openx:openx:2.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "9D9A46B6-B245-493A-B5EC-B9B8508BD9B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:openx:openx:2.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "F560C0FD-8584-4686-B869-487498BFDC61", "vulnerable": true}, {"criteria": "cpe:2.3:a:openx:openx:2.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "D5401151-C5A7-4F70-8378-F02BD14C1A10", "vulnerable": true}, {"criteria": "cpe:2.3:a:openx:openx:2.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "5D2FF584-3585-4019-A8AF-04D193022EDB", "vulnerable": true}, {"criteria": "cpe:2.3:a:openx:openx:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "679F1054-9AC8-477B-A7C7-156C82C3D7A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:openx:openx:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "F7D866D9-F3CB-4A5D-8946-62A425173845", "vulnerable": true}, {"criteria": "cpe:2.3:a:openx:openx:2.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "290E79D9-5AF4-4D24-877F-2B357156381D", "vulnerable": true}, {"criteria": "cpe:2.3:a:openx:openx:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "39E8AB7C-CCC8-4C5E-8E42-C57C81C5EE16", "vulnerable": true}, {"criteria": "cpe:2.3:a:openx:openx:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "5592CDF8-CF2A-4514-83D7-17A47715921F", "vulnerable": true}, {"criteria": "cpe:2.3:a:openx:openx:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "9007BE21-FF62-4294-A92A-05F45F731FE3", "vulnerable": true}, {"criteria": "cpe:2.3:a:openx:openx:2.7.29:*:*:*:*:*:*:*", "matchCriteriaId": "1B2F123E-B39B-4A54-9575-2E4EF1BB1A8C", "vulnerable": true}, {"criteria": "cpe:2.3:a:openx:openx:2.8:*:*:*:*:*:*:*", "matchCriteriaId": "3F957F8C-88C3-4F0C-85A8-27AA58847DF6", "vulnerable": true}, {"criteria": "cpe:2.3:a:openx:openx:2.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "A00DC86E-06BB-458E-8E99-8DFD77607FE0", "vulnerable": true}, {"criteria": "cpe:2.3:a:openx:openx:2.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "B9DAE4E2-081D-44BE-89F5-204C0659B038", "vulnerable": true}, {"criteria": "cpe:2.3:a:openx:openx:2.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "6F8581E3-9185-45A6-9BCA-B77A9D3D7F8A", "vulnerable": true}, {"criteria": "cpe:2.3:a:openx:openx:2.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "2D9EE001-25C5-466C-BF2B-C0B255E10886", "vulnerable": true}, {"criteria": "cpe:2.3:a:openx:openx:2.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "3BBDAB70-27FA-4D81-A06E-5E394828513C", "vulnerable": true}, {"criteria": "cpe:2.3:a:openx:openx:2.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "2DCEECC7-1A82-4994-82BE-1E7F8E15068A", "vulnerable": true}, {"criteria": "cpe:2.3:a:openx:openx:2.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "0302A92C-9659-4F68-A97B-6EBE08D86B54", "vulnerable": true}, {"criteria": "cpe:2.3:a:openx:openx:2.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "C60BF997-9E26-4B7A-8243-2CCDC74CAAC4", "vulnerable": true}, {"criteria": "cpe:2.3:a:openx:openx:2.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "06D09511-33F0-4759-A379-6A9C1B2ADFFF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple directory traversal vulnerabilities in OpenX before 2.8.10 revision 82710 allow remote administrators to read arbitrary files via a .. (dot dot) in the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a different vulnerability than CVE-2013-7376. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to read arbitrary files."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de salto de directorio en OpenX anterior a 2.8.10 revisi\u00f3n 82710 permite a administradores remotos leer archivos arbitrarios a trav\u00e9s de un .. (punto punto) en el par\u00e1metro group hacia (1) plugin-preferences.php o (2) plugin-settings.php en www/admin, una vulnerabilidad diferente a CVE-2013-7376. NOTA: esto puede ser aprovechado utilizando CSRF para permitir a atacantes remotos no autenticados leer archivos arbitrarios."}], "id": "CVE-2013-3514", "lastModified": "2014-05-15T13:01:41.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-05-14T19:55:09.277", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/94778"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://seclists.org/bugtraq/2013/Jul/27"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://www.htbridge.com/advisory/HTB23155"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}