CVE-2005-3559
published 2005-11-16CVE-2005-3559: Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 through 1.2.0-beta1 allows remote attackers to access WAV files via a .. (dot dot) in the…
PriorityP335medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
20.16%
97.1th percentile
Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 through 1.2.0-beta1 allows remote attackers to access WAV files via a .. (dot dot) in the folder parameter.
Affected
35 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | asterisk | < asterisk 1:1.2.7.1.dfsg-2 (bullseye) | asterisk 1:1.2.7.1.dfsg-2 (bullseye) |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
| digium | asterisk | — | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
osv5.0MEDIUM
vendor_debian5.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-429c-7p43-rw2j: Directory traversal vulnerability in vmail
ghsa_unreviewed·2022-05-01
CVE-2005-3559 [MEDIUM] GHSA-429c-7p43-rw2j: Directory traversal vulnerability in vmail
Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 through 1.2.0-beta1 allows remote attackers to access WAV files via a .. (dot dot) in the folder parameter.
OSV
CVE-2005-3559: Directory traversal vulnerability in vmail
osv·2005-11-16·CVSS 5.0
CVE-2005-3559 [MEDIUM] CVE-2005-3559: Directory traversal vulnerability in vmail
Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 through 1.2.0-beta1 allows remote attackers to access WAV files via a .. (dot dot) in the folder parameter.
Debian
CVE-2005-3559: asterisk - Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 through 1.2.0-b...
vendor_debian·2005·CVSS 5.0
CVE-2005-3559 [MEDIUM] CVE-2005-3559: asterisk - Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 through 1.2.0-b...
Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 through 1.2.0-beta1 allows remote attackers to access WAV files via a .. (dot dot) in the folder parameter.
Scope: local
bullseye: resolved (fixed in 1:1.2.7.1.dfsg-2)
sid: resolved (fixed in 1:1.2.7.1.dfsg-2)
No detection rules found.
No writeups or analysis indexed.
http://osvdb.org/20577http://secunia.com/advisories/17459http://secunia.com/advisories/19872http://securitytracker.com/id?1015164http://www.assurance.com.au/advisories/200511-asterisk.txthttp://www.debian.org/security/2006/dsa-1048http://www.securityfocus.com/archive/1/415990/30/0/threadedhttp://www.securityfocus.com/bid/15336http://www.vupen.com/english/advisories/2005/2346https://exchange.xforce.ibmcloud.com/vulnerabilities/23002http://osvdb.org/20577http://secunia.com/advisories/17459http://secunia.com/advisories/19872http://securitytracker.com/id?1015164http://www.assurance.com.au/advisories/200511-asterisk.txthttp://www.debian.org/security/2006/dsa-1048http://www.securityfocus.com/archive/1/415990/30/0/threadedhttp://www.securityfocus.com/bid/15336http://www.vupen.com/english/advisories/2005/2346https://exchange.xforce.ibmcloud.com/vulnerabilities/23002
2005-11-16
Published