Vulnerability Details : CVE-2016-1505
The filesystem storage backend in Radicale before 1.1 on Windows allows remote attackers to read or write to arbitrary files via a crafted path, as demonstrated by /c:/file/ignore.
Products affected by CVE-2016-1505
- cpe:2.3:a:radicale:radicale:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-1505
- 0.48%: probability of exploitation activity in the next 30 days
- ~73%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-1505
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
10.0 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N | 3.9 | 5.8 | NIST | |
CWE ids for CVE-2016-1505
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-1505
- http://www.openwall.com/lists/oss-security/2016/01/07/7
  oss-security - Re: CVE request for radicale
- https://github.com/Kozea/Radicale/pull/343
  Secure path handling by Unrud · Pull Request #343 · Kozea/Radicale · GitHub (Patch)
- http://www.openwall.com/lists/oss-security/2016/01/05/7
  oss-security - CVE request for radicale
- http://www.openwall.com/lists/oss-security/2016/01/06/7
  oss-security - Re: CVE request for radicale
- http://www.securityfocus.com/bid/80255
  Radicale Arbitrary File Access And Multiple Security Bypass Vulnerabilities
- https://github.com/Unrud/Radicale/commit/b4b3d51f33c7623d312f289252dd7bbb8f58bbe6
  Convert paths safely to file system paths · Unrud/Radicale@b4b3d51 · GitHub
- http://www.openwall.com/lists/oss-security/2016/01/06/4
  oss-security - Re: CVE request for radicale