CVE-2014-3225
N/A
N/A
Summary
Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://seclists.org/oss-sec/2014/q2/274
- https://github.com/cobbler/cobbler/issues/939
- http://www.osvdb.org/106759
- http://www.securityfocus.com/bid/67277
- http://seclists.org/oss-sec/2014/q2/273
- https://www.youtube.com/watch?v=vuBaoQUFEYQ&feature=youtu.be
- http://packetstormsecurity.com/files/126553/Cobbler-Local-File-Inclusion.html
- http://www.securityfocus.com/archive/1/532094/100/0/threaded
- http://www.exploit-db.com/exploits/33252
References
- http://seclists.org/oss-sec/2014/q2/274
- https://github.com/cobbler/cobbler/issues/939
- http://www.osvdb.org/106759
- http://www.securityfocus.com/bid/67277
- http://seclists.org/oss-sec/2014/q2/273
- https://www.youtube.com/watch?v=vuBaoQUFEYQ&feature=youtu.be
- http://packetstormsecurity.com/files/126553/Cobbler-Local-File-Inclusion.html
- http://www.securityfocus.com/archive/1/532094/100/0/threaded
- http://www.exploit-db.com/exploits/33252
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.