CVE-2005-2147
published 2005-07-06CVE-2005-2147: Trac before 0.8.4 allows remote attackers to read or upload arbitrary files via a full pathname in the id parameter to the (1) upload or (2) attachment viewer…
PriorityP427medium6.4CVSS 2.0
AVNACLAuNCPIPAN
EPSS
1.42%
69.4th percentile
Trac before 0.8.4 allows remote attackers to read or upload arbitrary files via a full pathname in the id parameter to the (1) upload or (2) attachment viewer scripts.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | trac | < trac 0.8.4-1 (sid) | trac 0.8.4-1 (sid) |
| edgewall_software | trac | — | — |
| edgewall_software | trac | — | — |
| edgewall_software | trac | — | — |
| edgewall_software | trac | >= 0 < 0.8.4-1 | 0.8.4-1 |
CVSS provenance
nvdv2.06.4MEDIUMAV:N/AC:L/Au:N/C:P/I:P/A:N
osv6.4MEDIUM
vendor_debian6.4MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-r7fq-xqxm-w3x6: Trac before 0
ghsa_unreviewed·2022-05-01
CVE-2005-2147 [MEDIUM] GHSA-r7fq-xqxm-w3x6: Trac before 0
Trac before 0.8.4 allows remote attackers to read or upload arbitrary files via a full pathname in the id parameter to the (1) upload or (2) attachment viewer scripts.
OSV
CVE-2005-2147: Trac before 0
osv·2005-07-06·CVSS 6.4
CVE-2005-2147 [MEDIUM] CVE-2005-2147: Trac before 0
Trac before 0.8.4 allows remote attackers to read or upload arbitrary files via a full pathname in the id parameter to the (1) upload or (2) attachment viewer scripts.
Debian
CVE-2005-2147: trac - Trac before 0.8.4 allows remote attackers to read or upload arbitrary files via ...
vendor_debian·2005·CVSS 6.4
CVE-2005-2147 [MEDIUM] CVE-2005-2147: trac - Trac before 0.8.4 allows remote attackers to read or upload arbitrary files via ...
Trac before 0.8.4 allows remote attackers to read or upload arbitrary files via a full pathname in the id parameter to the (1) upload or (2) attachment viewer scripts.
Scope: local
sid: resolved (fixed in 0.8.4-1)
trixie: resolved (fixed in 0.8.4-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
CWE
Absolute Path Traversal
mitre_cwe
CWE-36 Absolute Path Traversal
CWE-36: Absolute Path Traversal
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as "/abs/path" that can resolve to a location that is outside of that directory.
This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Integrity, Confidentiality, Availability. Impact: Execute Unauthorized Code or Commands. The attacker may be able to create or overwrite critical files that are used to execute code, such as programs or libraries.
Scope: Integrity. Impact: Modify Files or Directories. The attacker may be able to overwrite or create
CWE
Path Traversal: '/absolute/pathname/here'
mitre_cwe
CWE-37 Path Traversal: '/absolute/pathname/here'
CWE-37: Path Traversal: '/absolute/pathname/here'
The product accepts input in the form of a slash absolute path ('/absolute/pathname/here') without appropriate validation, which can allow an attacker to traverse the file system to unintended locations or access arbitrary files.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Confidentiality, Integrity. Impact: Read Files or Directories, Modify Files or Directories.
Detection Methods:
Automated Static Analysis: Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searchin
http://secunia.com/advisories/15752http://www.debian.org/security/2005/dsa-739http://www.hardened-php.net/advisory-012005.phphttp://www.securityfocus.com/bid/13990http://secunia.com/advisories/15752http://www.debian.org/security/2005/dsa-739http://www.hardened-php.net/advisory-012005.phphttp://www.securityfocus.com/bid/13990
2005-07-06
Published