The http-domino-enum-passwords.nse script in NMap before 6.40, when domino-enum-passwords.idpath is set, allows remote servers to upload "arbitrarily named" files via a crafted FullName parameter in a response, as demonstrated using directory traversal sequences.
No CVSS v3.1
No CVSS v3.0
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial
AV:N/AC:M/Au:N/C:P/I:P/A:P
Vendors | Products |
---|---|
Nmap |
|
Opensuse |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2013-10-26T17:00:00
Updated: 2013-12-01T17:26:34
Reserved: 2013-07-22T00:00:00
Link: CVE-2013-4885
JSON object: View
NVD Information
Status : Modified
Published: 2013-10-26T17:55:03.387
Modified: 2018-10-30T16:27:34.373
Link: CVE-2013-4885
JSON object: View
Redhat Information
No data.
CWE