Vulnerability Details : CVE-2008-4995

redirect.pl in bk2site 1.1.9 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/redirect.log temporary file. NOTE: this vulnerability is only limited to debug mode, which is disabled by default.

Published 2008-11-07 19:36:24

Updated 2017-08-08 01:33:03

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2008-4995

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2008-4995

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
6.9	MEDIUM	AV:L/AC:M/Au:N/C:C/I:C/A:C	3.4	10.0	[email protected]
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2008-4995

CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Assigned by: [email protected] (Primary)

References for CVE-2008-4995

Products affected by CVE-2008-4995

Jose M.vidal » Bk2site » Version: 1.1.9
cpe:2.3:a:jose_m.vidal:bk2site:1.1.9:*:*:*:*:*:*:*
Matching versions