CVE-2007-2836 Information
Description
Directory traversal vulnerability in session.rb in Hiki 0.8.0 through 0.8.6 allows remote attackers to delete arbitrary files via directory traversal sequences in the session ID, which is matched against an insufficiently restrictive regular expression before it is used to construct a filename that is marked for deletion at logout.
Reference
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=430691
http://hikiwiki.org/en/advisory20070624.html
http://hikiwiki.org/hiki-0_8_6.patch
http://jvn.jp/jp/JVN2305187780/index.html
http://osvdb.org/37469
http://secunia.com/advisories/25764
http://secunia.com/advisories/25874
http://www.debian.org/security/2007/dsa-1324
http://www.securityfocus.com/bid/24603
http://www.vupen.com/english/advisories/2007/2304
https://exchange.xforce.ibmcloud.com/vulnerabilities/35029