Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Informations | |||
|---|---|---|---|
| Name | CVE-2009-4013 | First vendor Publication | 2010-02-02 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | |||
|---|---|---|---|
| Overall CVSS Score | 9.8 | ||
| Base Score | 9.8 | Environmental Score | 9.8 |
| impact SubScore | 5.9 | Temporal Score | 9.8 |
| Exploitabality Sub Score | 3.9 | ||
| Attack Vector | Network | Attack Complexity | Low |
| Privileges Required | None | User Interaction | None |
| Scope | Unchanged | Confidentiality Impact | High |
| Integrity Impact | High | Availability Impact | High |
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Multiple directory traversal vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to overwrite arbitrary files or obtain sensitive information via vectors involving (1) control field names, (2) control field values, and (3) control files of patch systems. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4013 |
CAPEC : Common Attack Pattern Enumeration & Classification
| Id | Name |
|---|---|
| CAPEC-23 | File System Function Injection, Content Based |
| CAPEC-64 | Using Slashes and URL Encoding Combined to Bypass Validation Logic |
| CAPEC-76 | Manipulating Input to File System Calls |
| CAPEC-78 | Using Escaped Slashes in Alternate Encoding |
| CAPEC-79 | Using Slashes in Alternate Encoding |
| CAPEC-139 | Relative Path Traversal |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2010-01-29 | Name : Ubuntu Update for lintian vulnerabilities USN-891-1 File : nvt/gb_ubuntu_USN_891_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 62125 | Lintian Control Field / File Traversal Arbitrary File Overwrite |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1979.nasl - Type : ACT_GATHER_INFO |
| 2010-01-28 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-891-1.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:09:28 |
|
| 2024-11-28 12:20:14 |
|
| 2024-01-26 21:28:11 |
|
| 2023-11-07 21:47:37 |
|
| 2021-05-04 12:10:29 |
|
| 2021-04-22 01:10:56 |
|
| 2020-05-23 00:24:36 |
|
| 2016-04-26 19:15:55 |
|
| 2014-02-17 10:52:24 |
|
| 2013-05-11 00:00:58 |
|
