ELOG Web Logbook目录遍历漏洞
| CNNVD-ID编号 | CNNVD-200601-255 | CVE编号 | CVE-2006-0347 |
| 发布时间 | 2006-01-20 | 更新时间 | 2006-01-30 |
| 漏洞类型 | 路径遍历 | 漏洞来源 | N/A |
| 危险等级 | 中危 | 威胁类型 | 远程 |
| 厂商 | stefan_ritt | ||
漏洞介绍
ELOG 2.6.1之前版本中存在目录遍历漏洞,远程攻击者可以通过URL中的\"../\"序列来访问elog目录之外的任意文件。
漏洞补丁
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
Elog Web Logbook Elog Web Logbook 2.0 .0
Elog Web Logbook Elog Web Logbook 2.6.1
http://midas.psi.ch/elog/download.html
Elog Web Logbook Elog Web Logbook 2.0.1
Elog Web Logbook Elog Web Logbook 2.6.1
http://midas.psi.ch/elog/download.html
Elog Web Logbook Elog Web Logbook 2.0.2
Elog Web Logbook Elog Web Logbook 2.6.1
http://midas.psi.ch/elog/download.html
Elog Web Logbook Elog Web Logbook 2.0.3
Elog Web Logbook Elog Web Logbook 2.6.1
http://midas.psi.ch/elog/download.html
Elog Web Logbook Elog Web Logbook 2.0.4
Elog Web Logbook Elog Web Logbook 2.6.1
http://midas.psi.ch/elog/download.html
Elog Web Logbook Elog Web Logbook 2.0.5
Elog Web Logbook Elog Web Logbook 2.6.1
http://midas.psi.ch/elog/download.html
Elog Web Logbook Elog Web Logbook 2.1 .0
Elog Web Logbook Elog Web Logbook 2.6.1
http://midas.psi.ch/elog/download.html
Elog Web Logbook Elog Web Logbook 2.1.1
Elog Web Logbook Elog Web Logbook 2.6.1
http://midas.psi.ch/elog/download.html
Elog Web Logbook Elog Web Logbook 2.1.2
Elog Web Logbook Elog Web Logbook 2.6.1
http://midas.psi.ch/elog/download.html
Elog Web Logbook Elog Web Logbook 2.1.3
Elog Web Logbook Elog Web Logbook 2.6.1
http://midas.psi.ch/elog/download.html
Elog Web Logbook Elog Web Logbook 2.2 .0
Elog Web Logbook Elog Web Logbook 2.6.1
http://midas.psi.ch/elog/download.html
Elog Web Logbook Elog Web Logbook 2.2.1
Elog Web Logbook Elog Web Logbook 2.6.1
http://midas.psi.ch/elog/download.html
Elog Web Logbook Elog Web Logbook 2.2.2
Elog Web Logbook Elog Web Logbook 2.6.1
http://midas.psi.ch/elog/download.html
Elog Web Logbook Elog Web Logbook 2.2.3
Elog Web Logbook Elog Web Logbook 2.6.1
http://midas.psi.ch/elog/download.html
Elog Web Logbook Elog Web Logbook 2.2.4
Elog Web Logbook Elog Web Logbook 2.6.1
http://midas.psi.ch/elog/download.html
Elog Web Logbook Elog Web Logbook 2.4
Elog Web Logbook Elog Web Logbook 2.6.1
http://midas.psi.ch/elog/download.html
Elog Web Logbook Elog Web Logbook 2.5
Elog Web Logbook Elog Web Logbook 2.6.1
http://midas.psi.ch/elog/download.html
Elog Web Logbook Elog Web Logbook 2.5.6
Elog Web Logbook Elog Web Logbook 2.6.1
http://midas.psi.ch/elog/download.html
Elog Web Logbook Elog Web Logbook 2.5.7
Debian elog_2.5.7+r1558-4+sarge2_alpha.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4 +sarge2_alpha.deb
Debian elog_2.5.7+r1558-4+sarge2_amd64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4 +sarge2_amd64.deb
Debian elog_2.5.7+r1558-4+sarge2_arm.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4 +sarge2_arm.deb
Debian elog_2.5.7+r1558-4+sarge2_hppa.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4 +sarge2_hppa.deb
Debian elog_2.5.7+r1558-4+sarge2_i386.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4 +sarge2_i386.deb
Debian elog_2.5.7+r1558-4+sarge2_ia64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4 +sarge2_ia64.deb
Debian elog_2.5.7+r1558-4+sarge2_m68k.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4 +sarge2_m68k.deb
Debian elog_2.5.7+r1558-4+sarge2_mips.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4 +sarge2_mips.deb
Debian elog_2.5.7+r1558-4+sarge2_mipsel.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4 +sarge2_mipsel.deb
Debian elog_2.5.7+r1558-4+sarge2_powerpc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4 +sarge2_powerpc.deb
Debian elog_2.5.7+r1558-4+sarge2_s390.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/
参考网址
来源: BID
名称: 16315
链接:http://www.securityfocus.com/bid/16315
来源: VUPEN
名称: ADV-2006-0262
链接:http://www.frsirt.com/english/advisories/2006/0262
来源: SECUNIA
名称: 18533
链接:http://secunia.com/advisories/18533
来源: XF
名称: elog-dotdot-directory-traversal(24224)
链接:http://xforce.iss.net/xforce/xfdb/24224
来源: MISC
链接:http://midas.psi.ch/elog/download/ChangeLog
来源: OSVDB
名称: 22647
来源: DEBIAN
名称: DSA-967
链接:http://www.debian.org/security/2006/dsa-967
受影响实体
Stefan_ritt Elog_web_logbook:2.0.5 Stefan_ritt Elog_web_logbook:2.0.0 Stefan_ritt Elog_web_logbook:2.0.2 Stefan_ritt Elog_web_logbook:2.0.1 Stefan_ritt Elog_web_logbook:2.6.0信息来源
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200601-255
评论