CVE-2010-4598
published 2010-12-23

Priority: P2 · 72 · medium · 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Tags: ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 26.48% (97.8th percentile)

Directory traversal vulnerability in Ecava IntegraXor 3.6.4000.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file_name parameter in an open request.

Affected

3 ranges

Vendor   Product      Version range    Fixed in
ecava    integraxor   <= 3.6.4000.0
ecava    integraxor
ecava    integraxor

Detection & IOCs (extracted from sources)

  • Detect HTTP GET requests to the IntegraXor 'open' endpoint on port 7131 containing directory traversal sequences ('..\') in the 'file_name' parameter.
  • The vulnerable parameter is 'file_name' in an 'open' request; flag any request where this parameter traverses outside the web root using backslash-based dot-dot sequences.
  • The PROJECT_NAME segment of the URL path is variable and corresponds to any project hosted on the server; detection rules should treat this path component as a wildcard.
  • No vendor fix was available at time of disclosure; affected versions are 3.6.4000.0 and earlier running on Windows platforms.
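
The detection notes above, expressed as a log filter. This is an added example, not code from the vendor or from any cited source; the URL layout /<PROJECT_NAME>/open?file_name=..., the log line format and the sample lines are assumptions constructed for illustration. It goes slightly beyond the notes by also decoding percent-encoded input and by treating a forward slash as a separator, since Windows accepts both.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

PORT = 7131  # port named in the detection notes
# Assumed layout: /<PROJECT_NAME>/open ; the project segment is a wildcard.
OPEN_PATH = re.compile(r"^/[^/]+/open/?$", re.IGNORECASE)
# A ".." that forms a whole path segment, delimited by \ or / (or string ends).
DOTDOT = re.compile(r"(^|[\\/])\.\.([\\/]|$)")

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so %5c and %255c both end up as a backslash."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(method, port, target):
    """True if a request matches the CVE-2010-4598 pattern described above."""
    if method.upper() != "GET" or port != PORT:
        return False
    parts = urlsplit(target)
    if not OPEN_PATH.match(parts.path):
        return False
    # parse_qsl already decodes once; fully_decode catches double encoding.
    return any(name.lower() == "file_name" and DOTDOT.search(fully_decode(value))
               for name, value in parse_qsl(parts.query, keep_blank_values=True))

# Constructed sample lines: "<src_ip> <dst_port> <method> <request_target>"
SAMPLE_LOG = [
    r"192.0.2.10 7131 GET /demo/open?file_name=trend.html",
    r"192.0.2.11 7131 GET /demo/open?file_name=..\..\..\example.txt",
    r"192.0.2.12 7131 GET /plant2/open?file_name=..%5c..%5cexample.txt",
    r"192.0.2.13 7131 GET /plant2/open?file_name=%252e%252e%255cexample.txt",
    r"192.0.2.14 7131 GET /demo/open?file_name=report..v2.html",
    r"192.0.2.15 8080 GET /demo/open?file_name=..\example.txt",
]

def scan(lines):
    """Return the source addresses of log lines that match the pattern."""
    hits = []
    for line in lines:
        src, port, method, target = line.split(" ", 3)
        if is_traversal(method, int(port), target):
            hits.append(src)
    return hits

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

The dot-dot check only fires when ".." is a complete path segment, so a name such as report..v2.html is not flagged. The port filter follows the notes; drop it if IntegraXor is published behind a proxy on another port.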

CVSS provenance

Source      Version   Score   Severity   Vector
nvd         v2.0      5.0     MEDIUM     AV:N/AC:L/Au:N/C:P/I:N/A:N
vulncheck             5.0     MEDIUM