CVE-2015-1834 — Path Traversal in Cf-release

CWE-22 — Path Traversal5 documents4 sources

Severity

6.5MEDIUMNVD

OSV7.5

EPSS

0.3%

top 47.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Xmlsoft Libxml2 Cloudfoundry Cf-release Pivotal Software Cloud Foundry Elastic Runtime +1 more

Timeline

PublishedMay 25

Latest updateMay 13

Description

A path traversal vulnerability was identified in the Cloud Foundry component Cloud Controller that affects cf-release versions prior to v208 and Pivotal Cloud Foundry Elastic Runtime versions prior to 1.4.2. Path traversal is the 'outbreak' of a given directory structure through relative file paths in the user input. It aims at accessing files and directories that are stored outside the web root folder, for disallowed reading or even executing arbitrary system commands. An attacker could use a c…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶NVDpivotal_software/cloud_foundry_elastic_runtime1.4.1

▶NVDcloudfoundry/cf-release207

▶CVEListV5pivotal/cloud_foundryElastic Runtime versions prior to 1.4.2, cf-release versions prior to v208+1

▶Ubuntuxmlsoft/libxml2< 2.9.1+dfsg1-3ubuntu4.8+1

🔴Vulnerability Details

GHSA

GHSA-xmcg-5rvr-g4j6: A path traversal vulnerability was identified in the Cloud Foundry component Cloud Controller that affects cf-release versions prior to v208 and Pivot↗2022-05-13

▶

OSV

libxml2 vulnerabilities↗2016-06-06

▶

💬Community

Bugzilla

CVE-2015-4511 Mozilla: Buffer overflow while decoding WebM video (MFSA 2015-105)↗2015-09-23

▶

Bugzilla

CVE-2015-4509 Mozilla: Use-after-free while manipulating HTML media content (MFSA 2015-106)↗2015-09-22

▶