CVE-2018-1000161
Published 2018-04-18
Priority: P426 | medium | 5.7 | CVSS 3.0
AV:N / AC:L / PR:L / UI:R / S:U / C:N / I:H / A:N
EPSS: 1.04% (59.9th percentile)
nmap version 6.49BETA6 through 7.60, up to and including SVN revision 37147 contains a Directory Traversal vulnerability in NSE script http-fetch that can result in file overwrite as the user is running it. This attack appears to be exploitable via a victim that runs NSE script http-fetch against a malicious web site. This vulnerability appears to have been fixed in 7.7.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | nmap | < nmap 7.70+dfsg1-1 (bookworm) | nmap 7.70+dfsg1-1 (bookworm) |
| nmap | nmap | — | — |
| nmap | nmap | >= 0 < 7.70+dfsg1-1 | 7.70+dfsg1-1 |
CVSS provenance
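| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.7 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |
| osv | — | 5.7 | MEDIUM | — |
| vendor_debian | — | 5.7 | MEDIUM | — |
| vendor_redhat | — | 5.7 | MEDIUM | — |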
GHSA
GHSA-463f-727w-pqp7: nmap version 6
ghsa_unreviewed·2022-05-14
CVE-2018-1000161 [MEDIUM] CWE-22 GHSA-463f-727w-pqp7: nmap version 6
OSV
CVE-2018-1000161: nmap version 6
osv·2018-04-18·CVSS 5.7
CVE-2018-1000161 [MEDIUM] CVE-2018-1000161: nmap version 6
Red Hat
nmap: directory traversal in the way the non-default http-fetch script sanitized URLs
vendor_redhat·2018-03-20·CVSS 5.7
CVE-2018-1000161 [MEDIUM] CWE-22 nmap: directory traversal in the way the non-default http-fetch script sanitized URLs
Package: nmap (Red Hat Enterprise Linux 5) - Not affected
Package: nmap (Red Hat Enterprise Linux 6) - Not affected
Package: nmap (Red Hat Enterprise Linux 7) - Not affected
Package: nmap (Red Hat Enterprise Linux 8) - Not affected
Debian
CVE-2018-1000161: nmap - nmap version 6.49BETA6 through 7.60, up to and including SVN revision 37147 cont...
vendor_debian·2018·CVSS 5.7
CVE-2018-1000161 [MEDIUM] CVE-2018-1000161: nmap - nmap version 6.49BETA6 through 7.60, up to and including SVN revision 37147 cont...
Scope: local
bookworm: resolved (fixed in 7.70+dfsg1-1)
bullseye: resolved (fixed in 7.70+dfsg1-1)
forky: resolved (fixed in 7.70+dfsg1-1)
sid: resolved (fixed in 7.70+dfsg1-1)
trixie: resolved (fixed in 7.70+dfsg1-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2018-1000161 nmap: directory traversal in the way the non-default http-fetch script sanitized URLs [fedora-all]
bugzilla·2018-03-23·CVSS 5.7
CVE-2018-1000161 [MEDIUM] CVE-2018-1000161 nmap: directory traversal in the way the non-default http-fetch script sanitized URLs [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this iss
Bugzilla
CVE-2018-1000161 nmap: directory traversal in the way the non-default http-fetch script sanitized URLs
bugzilla·2018-03-23·CVSS 5.7
CVE-2018-1000161 [MEDIUM] CVE-2018-1000161 nmap: directory traversal in the way the non-default http-fetch script sanitized URLs
A flaw was found in Nmap before 7.70. A directory traversal vulnerability in the way the non-default http-fetch script sanitized URLs. If a user manually ran this NSE script against a malicious web server, the server could potentially (depending on NSE arguments used) cause files to be saved outside the intended destination directory. Existing files couldn't be overwritten.
References:
https://nmap.org/changelog#7.70
Discussion:
Created nmap tracking bugs for this issue:
Affects: fedora-all [bug 1560006]