CVE-2015-0556

General

Score: 5.8/10.0
Severity: Medium
Category: Path Manipulation
Exploit: Available

Impact Metrics

Confidentiality: None
Integrity: Partial
Availability: Partial

Exploitability Metrics

Access Vector: Network
Access Complexity: Medium
Authentication: None

Related vulnerabilities

CVE-2015-0557, CVE-2015-2782

Published on 08/04/15 - Updated on 01/07/17

Description

Open-source ARJ archiver 3.10.22 allows remote attackers to conduct directory traversal attacks via a symlink attack in an ARJ archive.

Category: Path Manipulation

CWE-59 (Link Following)
The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Security Notices

US National Vulnerability Database: CVE-2015-0556
Debian: DSA-3213-1
Debian LTS: DLA-188-1

Exploits

SecurityFocus: BID-71860

Related technologies

Vendor: arj_software, Product: arj_archiver
Vendor: fedoraproject, Product: fedora
