JVNDB-2008-000078

CGI RESCUE MiniBBS2000 directory traversal vulnerability

Overview

MiniBBS2000, a message board script provided by CGI RESCUE, contains a directory traversal vulnerability.

The vendor reported that the files originally made available to address this vulnerability (v1.02) were incorrect. The files currently available are v1.03, in which this vulnerability has been fixed. For more information, refer to the vendor's website.

CVSS Severity

CVSS V2 Severity:
Base Metrics 6.4 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: None

Affected Products

CGI RESCUE
  • KanniBBS2000 v1.02 and earlier
  • KanniBBS2000i v1.02 and earlier

Impact

A remote attacker could view files on the server where MiniBBS2000 is installed. This could lead to disclosure of file contents.

Solution

[Update the Software]
Update to the latest version according to the information provided by the vendor.

Vendor Information

CGI RESCUE

CWE

  1. Path Traversal (CWE-22) [IPA Evaluation]

CVE

  1. CVE-2008-5723

References

  1. JVN : JVN#86833991
  2. National Vulnerability Database (NVD) : CVE-2008-5723
  3. JVN iPedia (Japanese) : JVNDB-2008-000078

Revision History

  • [2008/11/26] Web page published
  • [2009/04/30] The product name was changed to MiniBBS2000 from KanniBBS2000.