Description
Directory traversal vulnerability in Roundup 0.6.4 and earlier allows remote attackers to view arbitrary files via .. (dot dot) sequences in an @@ command in an HTTP GET request.
Product(s):
- Roundup-Tracker Roundup
- Roundup-Tracker Roundup 0.1.0
- Roundup-Tracker Roundup 0.1.1
- Roundup-Tracker Roundup 0.1.2
- Roundup-Tracker Roundup 0.1.3
- Roundup-Tracker Roundup 0.2.0
- Roundup-Tracker Roundup 0.2.1
- Roundup-Tracker Roundup 0.2.2
- Roundup-Tracker Roundup 0.2.3
- Roundup-Tracker Roundup 0.2.4
- Roundup-Tracker Roundup 0.2.5
- Roundup-Tracker Roundup 0.2.6
- Roundup-Tracker Roundup 0.2.7
- Roundup-Tracker Roundup 0.2.8
- Roundup-Tracker Roundup 0.3.0
- Roundup-Tracker Roundup 0.3.0pre1
- Roundup-Tracker Roundup 0.3.0pre2
- Roundup-Tracker Roundup 0.3.0pre3
- Roundup-Tracker Roundup 0.4.0
- Roundup-Tracker Roundup 0.4.0b1
- Roundup-Tracker Roundup 0.4.0b2
- Roundup-Tracker Roundup 0.4.1
- Roundup-Tracker Roundup 0.4.2
- Roundup-Tracker Roundup 0.4.2pr1
- Roundup-Tracker Roundup 0.5.0
- Roundup-Tracker Roundup 0.5.0beta1
- Roundup-Tracker Roundup 0.5.0beta2
- Roundup-Tracker Roundup 0.5.0pr1
- Roundup-Tracker Roundup 0.5.1
- Roundup-Tracker Roundup 0.5.2
- Roundup-Tracker Roundup 0.5.3
- Roundup-Tracker Roundup 0.5.4
- Roundup-Tracker Roundup 0.5.5
- Roundup-Tracker Roundup 0.5.6
- Roundup-Tracker Roundup 0.5.7
- Roundup-Tracker Roundup 0.5.8 Stable
- Roundup-Tracker Roundup 0.5.9
- Roundup-Tracker Roundup 0.5
- Roundup-Tracker Roundup 0.6.0
- Roundup-Tracker Roundup 0.6.0b1
- Roundup-Tracker Roundup 0.6.0b2
- Roundup-Tracker Roundup 0.6.0b3
- Roundup-Tracker Roundup 0.6.0b4
- Roundup-Tracker Roundup 0.6.1
- Roundup-Tracker Roundup 0.6.2
- Roundup-Tracker Roundup 0.6.3
- Roundup-Tracker Roundup 0.6.4
Questions to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2004-1444, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2004-1444 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.
References:
- http://webappsec.pbworks.com/Path-Traversal
- https://capec.mitre.org/data/definitions/126.html
- https://capec.mitre.org/data/definitions/64.html
- https://capec.mitre.org/data/definitions/76.html
- https://capec.mitre.org/data/definitions/78.html
- https://capec.mitre.org/data/definitions/79.html
- https://nvd.nist.gov/vuln/detail/CVE-2004-1444