CVE-2016-1505 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2016-1505

CVE-2016-1505

February 03, 2016

The filesystem storage backend in Radicale before 1.1 on Windows allows remote attackers to read or write to arbitrary files via a crafted path, as demonstrated by /c:/file/ignore.

Affected Packages

radicale (PYTHON):

Affected version(s) >=0.2 <1.1

Fix Suggestion:

Update to version 1.1

Related Resources (10)

https://github.com/Kozea/Radicale

https://nvd.nist.gov/vuln/detail/CVE-2016-1505

http://www.openwall.com/lists/oss-security/2016/01/06/4

http://www.securityfocus.com/bid/80255

https://github.com/Kozea/Radicale/pull/343

http://www.openwall.com/lists/oss-security/2016/01/05/7

https://github.com/Kozea/Radicale/commit/b4b3d51f33c7623d312f289252dd7bbb8f58bbe6

https://github.com/Unrud/Radicale/commit/b4b3d51f33c7623d312f289252dd7bbb8f58bbe6

http://www.openwall.com/lists/oss-security/2016/01/07/7

http://www.openwall.com/lists/oss-security/2016/01/06/7

Do you need more information?

CVSS v4

Base Score:

9.9

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

HIGH

Vulnerable System Availability

NONE

Subsequent System Confidentiality

HIGH

Subsequent System Integrity

HIGH

Subsequent System Availability

NONE

CVSS v3

Base Score:

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

CVSS v2

Base Score:

7.5

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

Weakness Type (CWE)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

EPSS

Base Score:

1.38

Products

Solutions

Resources

Company

Compare

Developer Tools