var-200802-0085
Vulnerability from variot

Directory traversal vulnerability in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to create arbitrary empty files via a .. (dot dot) in the recipient field. The next two sentences appear to come from the aggregated advisory text (this entry cites BID 27677, and its credits line refers to "these vulnerabilities"), so "these issues" likely refers to that whole set of flaws rather than to this CVE alone: Attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions, or overwrite files with arbitrary content. These issues affect Ipswitch Instant Messaging 2.0.8.1; other versions may also be affected. For this entry specifically, remote authenticated users can create arbitrary empty files by placing ".." in the message recipient field.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200802-0085",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "imserver",
        "scope": "lte",
        "trust": 1.8,
        "vendor": "ipswitch",
        "version": "2.0.8.1"
      },
      {
        "model": "instant messaging",
        "scope": "lte",
        "trust": 1.8,
        "vendor": "ipswitch",
        "version": "2.0.8.1"
      },
      {
        "model": "instant messaging",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "ipswitch",
        "version": "2.0.8.1"
      },
      {
        "model": "imserver",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ipswitch",
        "version": "2.0.8.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "27677"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004154"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200802-454"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0946"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:ipswitch:imserver",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:ipswitch:instant_messaging",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004154"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Luigi Auriemma is credited with discovering these vulnerabilities.",
    "sources": [
      {
        "db": "BID",
        "id": "27677"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2008-0946",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.8,
            "id": "CVE-2008-0946",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.8,
            "id": "VHN-31071",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:S/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2008-0946",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2008-0946",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200802-454",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-31071",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-31071"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004154"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200802-454"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0946"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Directory traversal vulnerability in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to create arbitrary empty files via a .. (dot dot) in the recipient field. \nAttackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions, or overwrite files with arbitrary content. \nThese issues affect Ipswitch Instant Messaging 2.0.8.1; other versions may also be affected. Remote authentication users can create arbitrary empty files with \"..\" in the message receiver field",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-0946"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004154"
      },
      {
        "db": "BID",
        "id": "27677"
      },
      {
        "db": "VULHUB",
        "id": "VHN-31071"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2008-0946",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "27677",
        "trust": 2.0
      },
      {
        "db": "SREASON",
        "id": "3697",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004154",
        "trust": 0.8
      },
      {
        "db": "BUGTRAQ",
        "id": "20080207 MULTIPLE VULNERABILITIES IN IPSWITCH INSTANT MESSAGING 2.0.8.1",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200802-454",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-31071",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-31071"
      },
      {
        "db": "BID",
        "id": "27677"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004154"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200802-454"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0946"
      }
    ]
  },
  "id": "VAR-200802-0085",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-31071"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:03:41.980000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Instant Messaging",
        "trust": 0.8,
        "url": "http://www.imailserver.com/products/ipswitch-instant-messaging/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004154"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-22",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-31071"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004154"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0946"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/27677"
      },
      {
        "trust": 1.7,
        "url": "http://aluigi.altervista.org/adv/ipsimene-adv.txt"
      },
      {
        "trust": 1.7,
        "url": "http://aluigi.org/poc/ipsimene.zip"
      },
      {
        "trust": 1.7,
        "url": "http://securityreason.com/securityalert/3697"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/487748/100/200/threaded"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0946"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-0946"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/487748/100/200/threaded"
      },
      {
        "trust": 0.3,
        "url": "http://www.ipswitch.com/products/instant_messaging"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/487748"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-31071"
      },
      {
        "db": "BID",
        "id": "27677"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004154"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200802-454"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0946"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-31071"
      },
      {
        "db": "BID",
        "id": "27677"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004154"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200802-454"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0946"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-02-25T00:00:00",
        "db": "VULHUB",
        "id": "VHN-31071"
      },
      {
        "date": "2008-02-07T00:00:00",
        "db": "BID",
        "id": "27677"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-004154"
      },
      {
        "date": "2008-02-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200802-454"
      },
      {
        "date": "2008-02-25T21:44:00",
        "db": "NVD",
        "id": "CVE-2008-0946"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-31071"
      },
      {
        "date": "2016-07-06T14:17:00",
        "db": "BID",
        "id": "27677"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-004154"
      },
      {
        "date": "2008-09-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200802-454"
      },
      {
        "date": "2024-11-21T00:43:17.330000",
        "db": "NVD",
        "id": "CVE-2008-0946"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200802-454"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ipswitch IM of  IM Server Vulnerable to directory traversal",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004154"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "path traversal",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200802-454"
      }
    ],
    "trust": 0.6
  }
}

