Multiple directory traversal vulnerabilities in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to overwrite arbitrary files via a .. (dot dot) in an entry in (1) an XSLT JAR filter description file, (2) an Extension (aka OXT) file, or unspecified other (3) JAR or (4) ZIP files.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
07 Feb 2022, 17:02
Type | Values Removed | Values Added |
---|---|---|
First Time |
Debian
Debian debian Linux Apache Apache openoffice |
|
CPE | cpe:2.3:a:sun:openoffice.org:2.1.0:*:*:*:*:*:*:* cpe:2.3:a:sun:openoffice.org:2.3.0:*:*:*:*:*:*:* cpe:2.3:a:sun:openoffice.org:3.0.1:*:*:*:*:*:*:* cpe:2.3:a:sun:openoffice.org:3.2.1:*:*:*:*:*:*:* cpe:2.3:a:sun:openoffice.org:2.0.4:*:*:*:*:*:*:* cpe:2.3:a:sun:openoffice.org:2.3.1:*:*:*:*:*:*:* cpe:2.3:a:sun:openoffice.org:2.4.3:*:*:*:*:*:*:* cpe:2.3:a:sun:openoffice.org:3.1.0:*:*:*:*:*:*:* cpe:2.3:a:sun:openoffice.org:2.2.0:*:*:*:*:*:*:* cpe:2.3:a:sun:openoffice.org:2.0.3:*:*:*:*:*:*:* cpe:2.3:a:sun:openoffice.org:2.4.0:*:*:*:*:*:*:* cpe:2.3:a:sun:openoffice.org:3.1.1:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:* cpe:2.3:a:sun:openoffice.org:2.2.1:*:*:*:*:*:*:* cpe:2.3:a:sun:openoffice.org:3.0.0:*:*:*:*:*:*:* cpe:2.3:a:sun:openoffice.org:3.2.0:*:*:*:*:*:*:* cpe:2.3:a:sun:openoffice.org:2.4.1:*:*:*:*:*:*:* cpe:2.3:a:sun:openoffice.org:2.4.2:*:*:*:*:*:*:* cpe:2.3:a:sun:openoffice.org:2.0.0:*:*:*:*:*:*:* |
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:* cpe:2.3:a:apache:openoffice:*:*:*:*:*:*:*:* |
References | (DEBIAN) http://www.debian.org/security/2011/dsa-2151 - Third Party Advisory | |
References | (OSVDB) http://osvdb.org/70711 - Broken Link | |
References | (VUPEN) http://www.vupen.com/english/advisories/2011/0232 - Broken Link | |
References | (SECUNIA) http://secunia.com/advisories/42999 - Broken Link | |
References | (SECTRACK) http://www.securitytracker.com/id?1025002 - Broken Link, Third Party Advisory, VDB Entry | |
References | (REDHAT) http://www.redhat.com/support/errata/RHSA-2011-0181.html - Broken Link | |
References | (SECUNIA) http://secunia.com/advisories/60799 - Broken Link | |
References | (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=602324 - Issue Tracking, Patch, Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/43118 - Broken Link | |
References | (SECUNIA) http://secunia.com/advisories/43065 - Broken Link | |
References | (SECUNIA) http://secunia.com/advisories/43105 - Broken Link | |
References | (CONFIRM) http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html - Third Party Advisory | |
References | (REDHAT) http://www.redhat.com/support/errata/RHSA-2011-0182.html - Broken Link | |
References | (UBUNTU) http://ubuntu.com/usn/usn-1056-1 - Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/40775 - Broken Link | |
References | (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2011:027 - Broken Link | |
References | (VUPEN) http://www.vupen.com/english/advisories/2011/0230 - Broken Link | |
References | (VUPEN) http://www.vupen.com/english/advisories/2011/0279 - Broken Link | |
References | (BID) http://www.securityfocus.com/bid/46031 - Broken Link, Third Party Advisory, VDB Entry | |
References | (GENTOO) http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml - Third Party Advisory |
Information
Published : 2011-01-28 22:00
Updated : 2023-12-10 11:03
NVD link : CVE-2010-3450
Mitre link : CVE-2010-3450
CVE.ORG link : CVE-2010-3450
JSON object : View
Products Affected
canonical
- ubuntu_linux
debian
- debian_linux
apache
- openoffice
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')