CVE-2014-6394

visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using "public-restricted" under a "public" directory.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139938.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140020.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139415.html
http://secunia.com/advisories/62170
http://www-01.ibm.com/support/docview.wss?uid=swg21687263
http://www.openwall.com/lists/oss-security/2014/09/24/1
http://www.openwall.com/lists/oss-security/2014/09/30/10
http://www.securityfocus.com/bid/70100
https://bugzilla.redhat.com/show_bug.cgi?id=1146063
https://exchange.xforce.ibmcloud.com/vulnerabilities/96727
https://github.com/visionmedia/send/commit/9c6ca9b2c0b880afd3ff91ce0d211213c5fa5f9a	Exploit
https://github.com/visionmedia/send/pull/59
https://nodesecurity.io/advisories/send-directory-traversal
https://support.apple.com/HT205217

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:19:::::::*
	cpe:2.3:o:fedoraproject:fedora:20:::::::*
	cpe:2.3:o:fedoraproject:fedora:21:::::::*

Configuration 2 (hide)

cpe:2.3:a:apple:xcode:7.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:a:joyent:node.js::::::::
	cpe:2.3:a:joyent:node.js:0.8.0:::::::*
	cpe:2.3:a:joyent:node.js:0.8.1:::::::*
	cpe:2.3:a:joyent:node.js:0.8.2:::::::*

History

No history.

Information

Published : 2014-10-08 17:55

Updated : 2023-12-10 11:31

NVD link : CVE-2014-6394

Mitre link : CVE-2014-6394

CVE.ORG link : CVE-2014-6394

JSON object : View

Products Affected

apple

xcode

fedoraproject

fedora

joyent

node.js

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2014-6394", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-10-08T17:55:05.123", "references": [{"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html", "source": "cve@mitre.org"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139938.html", "source": "cve@mitre.org"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140020.html", "source": "cve@mitre.org"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139415.html", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/62170", "source": "cve@mitre.org"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687263", "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2014/09/24/1", "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2014/09/30/10", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/70100", "source": "cve@mitre.org"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1146063", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96727", "source": "cve@mitre.org"}, {"url": "https://github.com/visionmedia/send/commit/9c6ca9b2c0b880afd3ff91ce0d211213c5fa5f9a", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://github.com/visionmedia/send/pull/59", "source": "cve@mitre.org"}, {"url": "https://nodesecurity.io/advisories/send-directory-traversal", "source": "cve@mitre.org"}, {"url": "https://support.apple.com/HT205217", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using \"public-restricted\" under a \"public\" directory."}, {"lang": "es", "value": "visionmedia send anterior a 0.8.4 para Node.js utiliza una comparaci\u00f3n parcial para verificar si un directorio est\u00e1 dentro del root del documento, lo que permite a atacantes remotos acceder a directorios restringidos, tal y como fue demostrado mediante el uso de 'p\u00fablico restringido' bajo un directorio 'publico'."}], "lastModified": "2017-09-08T01:29:14.403", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5991814D-CA77-4C25-90D2-DB542B17E0AD"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apple:xcode:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7344422F-F65A-4000-A9EF-8D323DA29011"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:joyent:node.js:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F2168E2D-854F-44A0-863E-58A51ECE9F78", "versionEndIncluding": "0.8.3"}, {"criteria": "cpe:2.3:a:joyent:node.js:0.8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B65C3DA-0EA3-424B-A67E-CDCB423C747F"}, {"criteria": "cpe:2.3:a:joyent:node.js:0.8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB17C294-7956-4A9B-94CC-E8F81F614AE7"}, {"criteria": "cpe:2.3:a:joyent:node.js:0.8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36889A97-34A0-4898-B374-0ED1C9DAA8F5"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}