CVE ID: CVE-2014-3225

Description: Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile.

Test IDs:
1.3.6.1.4.1.25623.1.0.868001
1.3.6.1.4.1.25623.1.0.868004

Cross References:
Common Vulnerability Exposure (CVE) ID: CVE-2014-3225
BugTraq ID: 67277
http://www.securityfocus.com/bid/67277
Bugtraq: 20140513 FD - Cobbler Arbitrary File Read CVE-2014-3225
http://www.securityfocus.com/archive/1/532094/100/0/threaded
http://www.exploit-db.com/exploits/33252
http://packetstormsecurity.com/files/126553/Cobbler-Local-File-Inclusion.html
https://github.com/cobbler/cobbler/issues/939
https://www.youtube.com/watch?v=vuBaoQUFEYQ&feature=youtu.be
http://seclists.org/oss-sec/2014/q2/273
http://seclists.org/oss-sec/2014/q2/274
http://www.osvdb.org/106759