CVE-2017-17662 - OpenCVE

Directory traversal in the HTTP server on Yawcam 0.2.6 through 0.6.0 devices allows attackers to read arbitrary files through a sequence of the form '.x./' or '....\x/' where x is a pattern composed of one or more (zero or more for the second pattern) of either \ or ..\ -- for example a '.\./', '....\/' or '...\./' sequence. For files with no extension, a single dot needs to be appended to ensure the HTTP server does not alter the request, e.g., a "GET /.\./.\./.\./.\./.\./.\./.\./windows/system32/drivers/etc/hosts." request.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Yawcam	Yawcam

Configuration 1 [-]

cpe:2.3:a:yawcam:yawcam:*:*:*:*:*:*:*:*

References

Link	Resource
http://packetstormsecurity.com/files/145770/Yawcam-0.6.0-Directory-Traversal.html	Exploit Third Party Advisory VDB Entry
http://www.yawcam.com/news.php	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2018-01-10T18:00:00

Updated: 2018-01-10T17:57:02

Reserved: 2017-12-13T00:00:00

Link: CVE-2017-17662

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-01-10T18:29:01.227

Modified: 2018-02-02T18:32:55.920

Link: CVE-2017-17662

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-12-18T00:00:00", "descriptions": [{"lang": "en", "value": "Directory traversal in the HTTP server on Yawcam 0.2.6 through 0.6.0 devices allows attackers to read arbitrary files through a sequence of the form '.x./' or '....\\x/' where x is a pattern composed of one or more (zero or more for the second pattern) of either \\ or ..\\ -- for example a '.\\./', '....\\/' or '...\\./' sequence. For files with no extension, a single dot needs to be appended to ensure the HTTP server does not alter the request, e.g., a \"GET /.\\./.\\./.\\./.\\./.\\./.\\./.\\./windows/system32/drivers/etc/hosts.\" request."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-01-10T17:57:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.yawcam.com/news.php"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/145770/Yawcam-0.6.0-Directory-Traversal.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-17662", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal in the HTTP server on Yawcam 0.2.6 through 0.6.0 devices allows attackers to read arbitrary files through a sequence of the form '.x./' or '....\\x/' where x is a pattern composed of one or more (zero or more for the second pattern) of either \\ or ..\\ -- for example a '.\\./', '....\\/' or '...\\./' sequence. For files with no extension, a single dot needs to be appended to ensure the HTTP server does not alter the request, e.g., a \"GET /.\\./.\\./.\\./.\\./.\\./.\\./.\\./windows/system32/drivers/etc/hosts.\" request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.yawcam.com/news.php", "refsource": "CONFIRM", "url": "http://www.yawcam.com/news.php"}, {"name": "http://packetstormsecurity.com/files/145770/Yawcam-0.6.0-Directory-Traversal.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/145770/Yawcam-0.6.0-Directory-Traversal.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-17662", "datePublished": "2018-01-10T18:00:00", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2018-01-10T17:57:02", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:yawcam:yawcam:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D0A47F9-B512-4A84-95FA-B4297AE35C40", "versionEndIncluding": "0.6.0", "versionStartIncluding": "0.2.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal in the HTTP server on Yawcam 0.2.6 through 0.6.0 devices allows attackers to read arbitrary files through a sequence of the form '.x./' or '....\\x/' where x is a pattern composed of one or more (zero or more for the second pattern) of either \\ or ..\\ -- for example a '.\\./', '....\\/' or '...\\./' sequence. For files with no extension, a single dot needs to be appended to ensure the HTTP server does not alter the request, e.g., a \"GET /.\\./.\\./.\\./.\\./.\\./.\\./.\\./windows/system32/drivers/etc/hosts.\" request."}, {"lang": "es", "value": "Salto de directorio en el servidor HTTP en dispositivos Yawcam desde la versi\u00f3n 0.2.6 hasta la 0.6.0 permite que los atacantes lean archivos arbitrarios a trav\u00e9s de una secuencia de la forma \".x./\" o \"....\\x/\" donde x es un patr\u00f3n compuesto de uno o m\u00e1s (cero o m\u00e1s para el segundo patr\u00f3n) de \\ o ..\\ -- por ejemplo una secuencia \".\\./\", \"....\\/\" or \"...\\./\". Para archivos con ninguna extensi\u00f3n, se necesita poner un punto para asegurar que el servidor HTTP no altera la petici\u00f3n; es decir, una petici\u00f3n \"GET /.\\./.\\./.\\./.\\./.\\./.\\./.\\./windows/system32/drivers/etc/hosts.\"."}], "id": "CVE-2017-17662", "lastModified": "2018-02-02T18:32:55.920", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-01-10T18:29:01.227", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/145770/Yawcam-0.6.0-Directory-Traversal.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.yawcam.com/news.php"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}