CVE-2009-2658
Severity Score
7.5
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Directory traversal vulnerability in ZNC before 0.072 allows remote attackers to overwrite arbitrary files via a crafted DCC SEND request.
Vulnerabilidad de salto de directorio en ZNC anterior a v0.072 permite a atacantes remotos sobrescribir ficheros de su elección a través de una petición DCC SEND manipulada.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2009-08-04 CVE Reserved
- 2009-08-04 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://en.znc.in/w/index.php?title=ZNC&oldid=3209#WARNING | X_refsource_confirm | |
| http://www.openwall.com/lists/oss-security/2009/07/21/5 | Mailing List |
|
| http://znc.svn.sourceforge.net/viewvc/znc?view=rev&sortby=rev&sortdir=down&revision=1570 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://en.znc.in/wiki/ChangeLog/0.072 | 2009-08-12 |
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/35916 | 2009-08-12 | |
| http://www.debian.org/security/2009/dsa-1848 | 2009-08-12 | |
| https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00965.html | 2009-08-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Znc Search vendor "Znc" | Znc Search vendor "Znc" for product "Znc" | 0.044 Search vendor "Znc" for product "Znc" and version "0.044" | - |
Affected
| ||||||
| Znc Search vendor "Znc" | Znc Search vendor "Znc" for product "Znc" | 0.045 Search vendor "Znc" for product "Znc" and version "0.045" | - |
Affected
| ||||||
| Znc Search vendor "Znc" | Znc Search vendor "Znc" for product "Znc" | 0.047 Search vendor "Znc" for product "Znc" and version "0.047" | - |
Affected
| ||||||
| Znc Search vendor "Znc" | Znc Search vendor "Znc" for product "Znc" | 0.052 Search vendor "Znc" for product "Znc" and version "0.052" | - |
Affected
| ||||||
| Znc Search vendor "Znc" | Znc Search vendor "Znc" for product "Znc" | 0.054 Search vendor "Znc" for product "Znc" and version "0.054" | - |
Affected
| ||||||
| Znc Search vendor "Znc" | Znc Search vendor "Znc" for product "Znc" | 0.056 Search vendor "Znc" for product "Znc" and version "0.056" | - |
Affected
| ||||||
| Znc Search vendor "Znc" | Znc Search vendor "Znc" for product "Znc" | 0.058 Search vendor "Znc" for product "Znc" and version "0.058" | - |
Affected
| ||||||
| Znc Search vendor "Znc" | Znc Search vendor "Znc" for product "Znc" | 0.060 Search vendor "Znc" for product "Znc" and version "0.060" | - |
Affected
| ||||||
| Znc Search vendor "Znc" | Znc Search vendor "Znc" for product "Znc" | 0.062 Search vendor "Znc" for product "Znc" and version "0.062" | - |
Affected
| ||||||
| Znc Search vendor "Znc" | Znc Search vendor "Znc" for product "Znc" | 0.064 Search vendor "Znc" for product "Znc" and version "0.064" | - |
Affected
| ||||||
| Znc Search vendor "Znc" | Znc Search vendor "Znc" for product "Znc" | 0.066 Search vendor "Znc" for product "Znc" and version "0.066" | - |
Affected
| ||||||
| Znc Search vendor "Znc" | Znc Search vendor "Znc" for product "Znc" | 0.068 Search vendor "Znc" for product "Znc" and version "0.068" | - |
Affected
| ||||||
| Znc Search vendor "Znc" | Znc Search vendor "Znc" for product "Znc" | 0.070 Search vendor "Znc" for product "Znc" and version "0.070" | - |
Affected
| ||||||