
JVNDB-2009-000084

P forum vulnerable to directory traversal

Overview

P forum from Rocomotion contains a directory traversal vulnerability.

P forum from Rocomotion is bulletin board software. It contains a directory traversal vulnerability.

Shuya Ueki reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

CVSS Severity

Base Metrics: 5.0 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: None

Affected Products

Rocomotion
  • P forum 1.27 and earlier

Impact

A remote attacker could view an arbitrary file on the server.

Solution

[Update the Software]
Update to the latest version according to the information provided by the developer.
This vulnerability has been addressed and an updated version (1.28) was released on October 30, 2009.

Vendor Information

Rocomotion

References

  1. JVN : JVN#00152874
  2. National Vulnerability Database (NVD) : CVE-2009-4383
  3. Common Vulnerabilities and Exposures (CVE) : CVE-2009-4383
  4. Secunia Advisory : SA37691
  5. Common Weakness Enumeration (CWE) : Path Traversal (CWE-22) [IPA Evaluation]

Revision History

[2009/12/17]
  Web page published


Date Public: 2009/12/15
Date First Published: 2009/12/17
Date Last Updated: 2009/12/17