CVE-2014-3225
Cobbler 2.4.x < 2.6.x - Local File Inclusion
Severity Score | Exploit Likelihood | Affected Versions | Public Exploits | Exploited in Wild | Decision
---|---|---|---|---|---
 | | | 5 | - | 
Descriptions
Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile.
It was discovered that Cobbler did not properly handle user input, which could result in an absolute path traversal. An attacker could possibly use this issue to read arbitrary files. The same distribution advisory text also describes a second, separate issue: Cobbler did not properly handle user input, which could result in command injection, and an attacker could possibly use that issue to execute arbitrary code with high privileges. Only the path-traversal issue is CVE-2014-3225; the command-injection issue is tracked separately from this CVE.
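The description above gives the mechanism: the web interface takes the profile's Kickstart field as a filesystem path and opens it, so an absolute path is read verbatim. The following is an added illustration of that bug class in Python (the language Cobbler is written in). It is not Cobbler's own code; the directory layout, function names and sample files are assumptions constructed for the example, and the hardened variant also covers `..` components and planted symlinks, which go beyond the absolute-path case the advisory names.

```python
"""Bug class behind CVE-2014-3225, illustrated in Python.

A profile's "kickstart" field is treated as a filesystem path and opened by
the web UI. This is added example code, not Cobbler's implementation; the
directory layout, function names and sample files below are assumptions
constructed for the illustration.
"""
import os
import shutil
import tempfile


class KickstartPathError(ValueError):
    """Raised when a kickstart path is absolute or escapes the kickstart directory."""


def read_kickstart_unsafe(base_dir, kickstart):
    """Vulnerable pattern: os.path.join() discards base_dir entirely when its
    second argument is absolute, and does nothing about '..' components, so
    '/etc/shadow' or '../secret' are opened as-is."""
    with open(os.path.join(base_dir, kickstart)) as fh:
        return fh.read()


def resolve_kickstart(base_dir, kickstart):
    """Hardened form: reject absolute input, then canonicalise (collapsing '..'
    and following symlinks) and require the result to stay under base_dir."""
    if os.path.isabs(kickstart):
        raise KickstartPathError("absolute kickstart path rejected: %r" % kickstart)
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, kickstart))
    # Prefix check on canonical paths catches both '..' traversal and symlinks
    # planted inside the kickstart directory that point outside it.
    if os.path.commonpath([base, target]) != base:
        raise KickstartPathError("kickstart path escapes %s: %r" % (base, kickstart))
    return target


def read_kickstart_safe(base_dir, kickstart):
    with open(resolve_kickstart(base_dir, kickstart)) as fh:
        return fh.read()


def demo():
    """Build a throwaway layout (constructed sample data) and run both readers
    against a legitimate kickstart and three escape attempts."""
    root = tempfile.mkdtemp()
    try:
        ks_dir = os.path.join(root, "kickstarts")
        os.mkdir(ks_dir)
        with open(os.path.join(ks_dir, "sample.ks"), "w") as fh:
            fh.write("install\ntext\n")
        secret = os.path.join(root, "secret.txt")   # stands in for /etc/shadow
        with open(secret, "w") as fh:
            fh.write("not for the web UI\n")
        os.symlink(secret, os.path.join(ks_dir, "link.ks"))

        results = {
            "unsafe_abs": read_kickstart_unsafe(ks_dir, secret),
            "unsafe_dotdot": read_kickstart_unsafe(ks_dir, "../secret.txt"),
            "safe_ok": read_kickstart_safe(ks_dir, "sample.ks"),
        }
        for name, attempt in (("safe_abs", secret),
                              ("safe_dotdot", "../secret.txt"),
                              ("safe_symlink", "link.ks")):
            try:
                read_kickstart_safe(ks_dir, attempt)
                results[name] = "ALLOWED"
            except KickstartPathError:
                results[name] = "REJECTED"
        return results
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for key, value in demo().items():
        print("%-13s %r" % (key, value))
```

The point of the check is that it runs on the canonical path at the moment the file is consumed, not on the string the user typed: rejecting a leading `/` alone would still let `../` or a symlink inside the kickstart directory escape it.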
CVSS Scores
SSVC
- Decision: -
Timeline
- 2014-05-06 CVE Reserved
- 2014-05-08 First Exploit
- 2014-05-13 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (11)
URL | Tag | Source
---|---|---
http://seclists.org/oss-sec/2014/q2/273 | Mailing List |
http://seclists.org/oss-sec/2014/q2/274 | Mailing List |
http://www.osvdb.org/106759 | Vdb Entry |
http://www.securityfocus.com/archive/1/532094/100/0/threaded | Mailing List |
http://www.securityfocus.com/bid/67277 | Vdb Entry |
https://github.com/cobbler/cobbler/issues/939 | X_refsource_misc |

URL | Date | SRC
---|---|---
https://packetstorm.news/files/id/126607 | 2014-05-13 |
https://www.exploit-db.com/exploits/33252 | 2014-05-08 |
http://packetstormsecurity.com/files/126553/Cobbler-Local-File-Inclusion.html | 2024-08-06 |
http://www.exploit-db.com/exploits/33252 | 2024-08-06 |
https://www.youtube.com/watch?v=vuBaoQUFEYQ&feature=youtu.be | 2024-08-06 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Cobblerd | Cobbler | 2.4.0 | - | Affected
Cobblerd | Cobbler | 2.4.0 | 1 | Affected
Cobblerd | Cobbler | 2.4.1 | - | Affected
Cobblerd | Cobbler | 2.4.2 | - | Affected
Cobblerd | Cobbler | 2.4.3 | - | Affected
Cobblerd | Cobbler | 2.4.4 | - | Affected
Cobblerd | Cobbler | 2.6.0 | - | Affected