CVE-2004-0235

Severity Score

6.4

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes ("//absolute/path").

Múltiples vulnerabilidades de atravesamiento de directorios en LHA 1.14 permite a atacantes locales o usuarios locales crear ficheros arbitrarios mediante un archivo LHA conteniendo nombres de fichero con secuencias (1) ".." (punto punto) o (2) rutas absolutas con barra inicial doble ("//ruta/absoluta").

*Credits: N/A

CVSS Scores

NISTv2 6.4

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2004-03-17 CVE Reserved
2004-05-04 CVE Published
2024-08-08 CVE Updated
2024-08-08 First Exploit
2024-10-14 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CAPEC

References (15)

URL	Tag	Source
http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020776.html	Mailing List
http://marc.info/?l=bugtraq&m=108422737918885&w=2	Mailing List
https://exchange.xforce.ibmcloud.com/vulnerabilities/16013	Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10409	Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A978	Signature

URL	Date	SRC
http://www.securityfocus.com/bid/10243	2024-08-08

URL	Date	SRC

URL	Date	SRC
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000840	2017-10-11
http://security.gentoo.org/glsa/glsa-200405-02.xml	2017-10-11
http://www.debian.org/security/2004/dsa-515	2017-10-11
http://www.redhat.com/archives/fedora-announce-list/2004-May/msg00005.html	2017-10-11
http://www.redhat.com/support/errata/RHSA-2004-178.html	2017-10-11
http://www.redhat.com/support/errata/RHSA-2004-179.html	2017-10-11
https://bugzilla.fedora.us/show_bug.cgi?id=1833	2017-10-11
https://access.redhat.com/security/cve/CVE-2004-0235	2004-04-30
https://bugzilla.redhat.com/show_bug.cgi?id=1617184	2004-04-30

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Clearswift Search vendor "Clearswift"		Mailsweeper Search vendor "Clearswift" for product "Mailsweeper"				4.0 Search vendor "Clearswift" for product "Mailsweeper" and version "4.0"		-		Affected
Clearswift Search vendor "Clearswift"		Mailsweeper Search vendor "Clearswift" for product "Mailsweeper"				4.1 Search vendor "Clearswift" for product "Mailsweeper" and version "4.1"		-		Affected
Clearswift Search vendor "Clearswift"		Mailsweeper Search vendor "Clearswift" for product "Mailsweeper"				4.2 Search vendor "Clearswift" for product "Mailsweeper" and version "4.2"		-		Affected
Clearswift Search vendor "Clearswift"		Mailsweeper Search vendor "Clearswift" for product "Mailsweeper"				4.3 Search vendor "Clearswift" for product "Mailsweeper" and version "4.3"		-		Affected
Clearswift Search vendor "Clearswift"		Mailsweeper Search vendor "Clearswift" for product "Mailsweeper"				4.3.3 Search vendor "Clearswift" for product "Mailsweeper" and version "4.3.3"		-		Affected
Clearswift Search vendor "Clearswift"		Mailsweeper Search vendor "Clearswift" for product "Mailsweeper"				4.3.4 Search vendor "Clearswift" for product "Mailsweeper" and version "4.3.4"		-		Affected
Clearswift Search vendor "Clearswift"		Mailsweeper Search vendor "Clearswift" for product "Mailsweeper"				4.3.5 Search vendor "Clearswift" for product "Mailsweeper" and version "4.3.5"		-		Affected
Clearswift Search vendor "Clearswift"		Mailsweeper Search vendor "Clearswift" for product "Mailsweeper"				4.3.6 Search vendor "Clearswift" for product "Mailsweeper" and version "4.3.6"		-		Affected
Clearswift Search vendor "Clearswift"		Mailsweeper Search vendor "Clearswift" for product "Mailsweeper"				4.3.6_sp1 Search vendor "Clearswift" for product "Mailsweeper" and version "4.3.6_sp1"		-		Affected
Clearswift Search vendor "Clearswift"		Mailsweeper Search vendor "Clearswift" for product "Mailsweeper"				4.3.7 Search vendor "Clearswift" for product "Mailsweeper" and version "4.3.7"		-		Affected
Clearswift Search vendor "Clearswift"		Mailsweeper Search vendor "Clearswift" for product "Mailsweeper"				4.3.8 Search vendor "Clearswift" for product "Mailsweeper" and version "4.3.8"		-		Affected
Clearswift Search vendor "Clearswift"		Mailsweeper Search vendor "Clearswift" for product "Mailsweeper"				4.3.10 Search vendor "Clearswift" for product "Mailsweeper" and version "4.3.10"		-		Affected
Clearswift Search vendor "Clearswift"		Mailsweeper Search vendor "Clearswift" for product "Mailsweeper"				4.3.11 Search vendor "Clearswift" for product "Mailsweeper" and version "4.3.11"		-		Affected
Clearswift Search vendor "Clearswift"		Mailsweeper Search vendor "Clearswift" for product "Mailsweeper"				4.3.13 Search vendor "Clearswift" for product "Mailsweeper" and version "4.3.13"		-		Affected
F-secure Search vendor "F-secure"		F-secure Anti-virus Search vendor "F-secure" for product "F-secure Anti-virus"				4.51 Search vendor "F-secure" for product "F-secure Anti-virus" and version "4.51"		linux_gateways		Affected
F-secure Search vendor "F-secure"		F-secure Anti-virus Search vendor "F-secure" for product "F-secure Anti-virus"				4.51 Search vendor "F-secure" for product "F-secure Anti-virus" and version "4.51"		linux_servers		Affected
F-secure Search vendor "F-secure"		F-secure Anti-virus Search vendor "F-secure" for product "F-secure Anti-virus"				4.51 Search vendor "F-secure" for product "F-secure Anti-virus" and version "4.51"		linux_workstations		Affected
F-secure Search vendor "F-secure"		F-secure Anti-virus Search vendor "F-secure" for product "F-secure Anti-virus"				4.52 Search vendor "F-secure" for product "F-secure Anti-virus" and version "4.52"		linux_gateways		Affected
F-secure Search vendor "F-secure"		F-secure Anti-virus Search vendor "F-secure" for product "F-secure Anti-virus"				4.52 Search vendor "F-secure" for product "F-secure Anti-virus" and version "4.52"		linux_servers		Affected
F-secure Search vendor "F-secure"		F-secure Anti-virus Search vendor "F-secure" for product "F-secure Anti-virus"				4.52 Search vendor "F-secure" for product "F-secure Anti-virus" and version "4.52"		linux_workstations		Affected
F-secure Search vendor "F-secure"		F-secure Anti-virus Search vendor "F-secure" for product "F-secure Anti-virus"				4.60 Search vendor "F-secure" for product "F-secure Anti-virus" and version "4.60"		samba_servers		Affected
F-secure Search vendor "F-secure"		F-secure Anti-virus Search vendor "F-secure" for product "F-secure Anti-virus"				5.5 Search vendor "F-secure" for product "F-secure Anti-virus" and version "5.5"		client_security		Affected
F-secure Search vendor "F-secure"		F-secure Anti-virus Search vendor "F-secure" for product "F-secure Anti-virus"				5.41 Search vendor "F-secure" for product "F-secure Anti-virus" and version "5.41"		mimesweeper		Affected
F-secure Search vendor "F-secure"		F-secure Anti-virus Search vendor "F-secure" for product "F-secure Anti-virus"				5.41 Search vendor "F-secure" for product "F-secure Anti-virus" and version "5.41"		windows_servers		Affected
F-secure Search vendor "F-secure"		F-secure Anti-virus Search vendor "F-secure" for product "F-secure Anti-virus"				5.41 Search vendor "F-secure" for product "F-secure Anti-virus" and version "5.41"		workstations		Affected
F-secure Search vendor "F-secure"		F-secure Anti-virus Search vendor "F-secure" for product "F-secure Anti-virus"				5.42 Search vendor "F-secure" for product "F-secure Anti-virus" and version "5.42"		mimesweeper		Affected
F-secure Search vendor "F-secure"		F-secure Anti-virus Search vendor "F-secure" for product "F-secure Anti-virus"				5.42 Search vendor "F-secure" for product "F-secure Anti-virus" and version "5.42"		windows_servers		Affected
F-secure Search vendor "F-secure"		F-secure Anti-virus Search vendor "F-secure" for product "F-secure Anti-virus"				5.42 Search vendor "F-secure" for product "F-secure Anti-virus" and version "5.42"		workstations		Affected
F-secure Search vendor "F-secure"		F-secure Anti-virus Search vendor "F-secure" for product "F-secure Anti-virus"				5.52 Search vendor "F-secure" for product "F-secure Anti-virus" and version "5.52"		client_security		Affected
F-secure Search vendor "F-secure"		F-secure Anti-virus Search vendor "F-secure" for product "F-secure Anti-virus"				6.21 Search vendor "F-secure" for product "F-secure Anti-virus" and version "6.21"		ms_exchange		Affected
F-secure Search vendor "F-secure"		F-secure Anti-virus Search vendor "F-secure" for product "F-secure Anti-virus"				2003 Search vendor "F-secure" for product "F-secure Anti-virus" and version "2003"		-		Affected
F-secure Search vendor "F-secure"		F-secure Anti-virus Search vendor "F-secure" for product "F-secure Anti-virus"				2004 Search vendor "F-secure" for product "F-secure Anti-virus" and version "2004"		-		Affected
F-secure Search vendor "F-secure"		F-secure For Firewalls Search vendor "F-secure" for product "F-secure For Firewalls"				6.20 Search vendor "F-secure" for product "F-secure For Firewalls" and version "6.20"		-		Affected
F-secure Search vendor "F-secure"		F-secure Internet Security Search vendor "F-secure" for product "F-secure Internet Security"				2003 Search vendor "F-secure" for product "F-secure Internet Security" and version "2003"		-		Affected
F-secure Search vendor "F-secure"		F-secure Internet Security Search vendor "F-secure" for product "F-secure Internet Security"				2004 Search vendor "F-secure" for product "F-secure Internet Security" and version "2004"		-		Affected
F-secure Search vendor "F-secure"		F-secure Personal Express Search vendor "F-secure" for product "F-secure Personal Express"				4.5 Search vendor "F-secure" for product "F-secure Personal Express" and version "4.5"		-		Affected
F-secure Search vendor "F-secure"		F-secure Personal Express Search vendor "F-secure" for product "F-secure Personal Express"				4.6 Search vendor "F-secure" for product "F-secure Personal Express" and version "4.6"		-		Affected
F-secure Search vendor "F-secure"		F-secure Personal Express Search vendor "F-secure" for product "F-secure Personal Express"				4.7 Search vendor "F-secure" for product "F-secure Personal Express" and version "4.7"		-		Affected
F-secure Search vendor "F-secure"		Internet Gatekeeper Search vendor "F-secure" for product "Internet Gatekeeper"				6.31 Search vendor "F-secure" for product "Internet Gatekeeper" and version "6.31"		-		Affected
F-secure Search vendor "F-secure"		Internet Gatekeeper Search vendor "F-secure" for product "Internet Gatekeeper"				6.32 Search vendor "F-secure" for product "Internet Gatekeeper" and version "6.32"		-		Affected
Rarlab Search vendor "Rarlab"		Winrar Search vendor "Rarlab" for product "Winrar"				3.20 Search vendor "Rarlab" for product "Winrar" and version "3.20"		-		Affected
Redhat Search vendor "Redhat"		Lha Search vendor "Redhat" for product "Lha"				1.14i-9 Search vendor "Redhat" for product "Lha" and version "1.14i-9"		i386		Affected
Sgi Search vendor "Sgi"		Propack Search vendor "Sgi" for product "Propack"				2.4 Search vendor "Sgi" for product "Propack" and version "2.4"		-		Affected
Sgi Search vendor "Sgi"		Propack Search vendor "Sgi" for product "Propack"				3.0 Search vendor "Sgi" for product "Propack" and version "3.0"		-		Affected
Stalker Search vendor "Stalker"		Cgpmcafee Search vendor "Stalker" for product "Cgpmcafee"				3.2 Search vendor "Stalker" for product "Cgpmcafee" and version "3.2"		-		Affected
Tsugio Okamoto Search vendor "Tsugio Okamoto"		Lha Search vendor "Tsugio Okamoto" for product "Lha"				1.14 Search vendor "Tsugio Okamoto" for product "Lha" and version "1.14"		-		Affected
Tsugio Okamoto Search vendor "Tsugio Okamoto"		Lha Search vendor "Tsugio Okamoto" for product "Lha"				1.15 Search vendor "Tsugio Okamoto" for product "Lha" and version "1.15"		-		Affected
Tsugio Okamoto Search vendor "Tsugio Okamoto"		Lha Search vendor "Tsugio Okamoto" for product "Lha"				1.17 Search vendor "Tsugio Okamoto" for product "Lha" and version "1.17"		-		Affected
Winzip Search vendor "Winzip"		Winzip Search vendor "Winzip" for product "Winzip"				9.0 Search vendor "Winzip" for product "Winzip" and version "9.0"		-		Affected
Redhat Search vendor "Redhat"		Fedora Core Search vendor "Redhat" for product "Fedora Core"				core_1.0 Search vendor "Redhat" for product "Fedora Core" and version "core_1.0"		-		Affected