cbcvebase.
CVE-2018-1000161
published 2018-04-18

CVE-2018-1000161: nmap version 6.49BETA6 through 7.60, up to and including SVN revision 37147 contains a Directory Traversal vulnerability in NSE script http-fetch that can…

PriorityP426medium5.7CVSS 3.0
AVNACLPRLUIRSUCNIHAN
EPSS
1.04%
59.9th percentile
nmap version 6.49BETA6 through 7.60, up to and including SVN revision 37147 contains a Directory Traversal vulnerability in NSE script http-fetch that can result in file overwrite as the user is running it. This attack appears to be exploitable via a victim that runs NSE script http-fetch against a malicious web site. This vulnerability appears to have been fixed in 7.7.

Affected

17 ranges
VendorProductVersion rangeFixed in
debiannmap< nmap 7.70+dfsg1-1 (bookworm)nmap 7.70+dfsg1-1 (bookworm)
nmapnmap
nmapnmap
nmapnmap
nmapnmap
nmapnmap
nmapnmap
nmapnmap
nmapnmap
nmapnmap
nmapnmap
nmapnmap
nmapnmap
nmapnmap>= 0 < 7.70+dfsg1-17.70+dfsg1-1
nmapnmap>= 0 < 7.70+dfsg1-17.70+dfsg1-1
nmapnmap>= 0 < 7.70+dfsg1-17.70+dfsg1-1
nmapnmap>= 0 < 7.70+dfsg1-17.70+dfsg1-1

CVSS provenance

nvdv3.05.7MEDIUMCVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
nvdv2.03.5LOWAV:N/AC:M/Au:S/C:N/I:P/A:N
osv5.7MEDIUM
vendor_debian5.7MEDIUM
vendor_redhat5.7MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.