cvelistv5 - CVE-2008-0656

CVE-2008-0656 (GCVE-0-2008-0656)

Vulnerability from cvelistv5 – Published: 2008-02-07 20:00 – Updated: 2024-08-07 07:54

Summary

Unrestricted file upload vulnerability in dmclTrace.jsp in EMC Documentum Administrator 5.3.0.313 and Webtop 5.3.0.317 allows remote attackers to overwrite arbitrary files via the filename attribute.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.cybsec.com/vuln/CYBSEC-Security_Adviso…	x_refsource_MISC
	http://www.securitytracker.com/id?1019305	vdb-entryx_refsource_SECTRACK
	http://secunia.com/advisories/28810	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2008/0439	vdb-entryx_refsource_VUPEN
	http://www.securityfocus.com/bid/27632	vdb-entryx_refsource_BID
	http://securityreason.com/securityalert/3626	third-party-advisoryx_refsource_SREASON
	http://www.securityfocus.com/archive/1/487603/100…	mailing-listx_refsource_BUGTRAQ

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:54:22.687Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_Documentum_dmclTrace_Arbitrary_file_overwrite.pdf"
          },
          {
            "name": "1019305",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019305"
          },
          {
            "name": "28810",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28810"
          },
          {
            "name": "ADV-2008-0439",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0439"
          },
          {
            "name": "27632",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27632"
          },
          {
            "name": "3626",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3626"
          },
          {
            "name": "20080205 CYBSEC Security Advisory: Arbitrary file overwrite in Documentum Administrator / Documentum Webtop",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/487603/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-02-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unrestricted file upload vulnerability in dmclTrace.jsp in EMC Documentum Administrator 5.3.0.313 and Webtop 5.3.0.317 allows remote attackers to overwrite arbitrary files via the filename attribute."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_Documentum_dmclTrace_Arbitrary_file_overwrite.pdf"
        },
        {
          "name": "1019305",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019305"
        },
        {
          "name": "28810",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28810"
        },
        {
          "name": "ADV-2008-0439",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0439"
        },
        {
          "name": "27632",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27632"
        },
        {
          "name": "3626",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3626"
        },
        {
          "name": "20080205 CYBSEC Security Advisory: Arbitrary file overwrite in Documentum Administrator / Documentum Webtop",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/487603/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0656",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unrestricted file upload vulnerability in dmclTrace.jsp in EMC Documentum Administrator 5.3.0.313 and Webtop 5.3.0.317 allows remote attackers to overwrite arbitrary files via the filename attribute."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_Documentum_dmclTrace_Arbitrary_file_overwrite.pdf",
              "refsource": "MISC",
              "url": "http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_Documentum_dmclTrace_Arbitrary_file_overwrite.pdf"
            },
            {
              "name": "1019305",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019305"
            },
            {
              "name": "28810",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28810"
            },
            {
              "name": "ADV-2008-0439",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0439"
            },
            {
              "name": "27632",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27632"
            },
            {
              "name": "3626",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3626"
            },
            {
              "name": "20080205 CYBSEC Security Advisory: Arbitrary file overwrite in Documentum Administrator / Documentum Webtop",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/487603/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-0656",
    "datePublished": "2008-02-07T20:00:00",
    "dateReserved": "2008-02-07T00:00:00",
    "dateUpdated": "2024-08-07T07:54:22.687Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:documentum_administrator:4.2.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3B830D50-91F4-40D7-8886-0355A5AD4FCF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:documentum_administrator:5.2.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6B666EFE-3B3D-400E-A792-BB037D120BBB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:documentum_administrator:5.2.5_sp2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9BBCBD37-E635-4B26-B18B-2665CC01EFD8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:documentum_administrator:5.3.0.313:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"269728EC-2AC7-4543-9D83-10AE44F85041\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:documentum_webtop:5.2.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7FB76F58-E214-4275-91B2-3ABBCA94DCA0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:documentum_webtop:5.2.5_sp2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FBF739EC-CBE5-4EA7-A793-12C53F51E53C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:documentum_webtop:5.3.0.317:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4ACB957D-EDE7-4DAF-A010-7EDE45BD0B24\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Unrestricted file upload vulnerability in dmclTrace.jsp in EMC Documentum Administrator 5.3.0.313 and Webtop 5.3.0.317 allows remote attackers to overwrite arbitrary files via the filename attribute.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de actualizaci\\u00f3n de archivos sin restringir en dmclTrace.jsp en Documentum Administrator 5.3.0.313 y Webtop 5.3.0.317 permite a atacantes remotos sobrescribir archivos no especificados a trav\\u00e9s del atributo filename.\"}]",
      "id": "CVE-2008-0656",
      "lastModified": "2024-11-21T00:42:36.470",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2008-02-07T21:00:00.000",
      "references": "[{\"url\": \"http://secunia.com/advisories/28810\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/3626\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_Documentum_dmclTrace_Arbitrary_file_overwrite.pdf\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/487603/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/27632\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1019305\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0439\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/28810\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/3626\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_Documentum_dmclTrace_Arbitrary_file_overwrite.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/487603/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/27632\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1019305\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0439\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-0656\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-02-07T21:00:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unrestricted file upload vulnerability in dmclTrace.jsp in EMC Documentum Administrator 5.3.0.313 and Webtop 5.3.0.317 allows remote attackers to overwrite arbitrary files via the filename attribute.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de actualizaci\u00f3n de archivos sin restringir en dmclTrace.jsp en Documentum Administrator 5.3.0.313 y Webtop 5.3.0.317 permite a atacantes remotos sobrescribir archivos no especificados a trav\u00e9s del atributo filename.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_administrator:4.2.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B830D50-91F4-40D7-8886-0355A5AD4FCF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_administrator:5.2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B666EFE-3B3D-400E-A792-BB037D120BBB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_administrator:5.2.5_sp2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BBCBD37-E635-4B26-B18B-2665CC01EFD8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_administrator:5.3.0.313:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"269728EC-2AC7-4543-9D83-10AE44F85041\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_webtop:5.2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7FB76F58-E214-4275-91B2-3ABBCA94DCA0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_webtop:5.2.5_sp2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FBF739EC-CBE5-4EA7-A793-12C53F51E53C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_webtop:5.3.0.317:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4ACB957D-EDE7-4DAF-A010-7EDE45BD0B24\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/28810\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/3626\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_Documentum_dmclTrace_Arbitrary_file_overwrite.pdf\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/487603/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/27632\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1019305\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0439\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/28810\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/3626\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_Documentum_dmclTrace_Arbitrary_file_overwrite.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/487603/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/27632\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1019305\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0439\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GHSA-6FGQ-4C34-H75J

Vulnerability from github – Published: 2022-05-01 23:32 – Updated: 2022-05-01 23:32

Details

Unrestricted file upload vulnerability in dmclTrace.jsp in EMC Documentum Administrator 5.3.0.313 and Webtop 5.3.0.317 allows remote attackers to overwrite arbitrary files via the filename attribute.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-0656"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-02-07T21:00:00Z",
    "severity": "HIGH"
  },
  "details": "Unrestricted file upload vulnerability in dmclTrace.jsp in EMC Documentum Administrator 5.3.0.313 and Webtop 5.3.0.317 allows remote attackers to overwrite arbitrary files via the filename attribute.",
  "id": "GHSA-6fgq-4c34-h75j",
  "modified": "2022-05-01T23:32:10Z",
  "published": "2022-05-01T23:32:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0656"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28810"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/3626"
    },
    {
      "type": "WEB",
      "url": "http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_Documentum_dmclTrace_Arbitrary_file_overwrite.pdf"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/487603/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/27632"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1019305"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/0439"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2008-0656

Vulnerability from fkie_nvd - Published: 2008-02-07 21:00 - Updated: 2025-04-09 00:30

Severity ?

Summary

Unrestricted file upload vulnerability in dmclTrace.jsp in EMC Documentum Administrator 5.3.0.313 and Webtop 5.3.0.317 allows remote attackers to overwrite arbitrary files via the filename attribute.

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/28810	Vendor Advisory
cve@mitre.org	http://securityreason.com/securityalert/3626
cve@mitre.org	http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_Documentum_dmclTrace_Arbitrary_file_overwrite.pdf
cve@mitre.org	http://www.securityfocus.com/archive/1/487603/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/27632
cve@mitre.org	http://www.securitytracker.com/id?1019305
cve@mitre.org	http://www.vupen.com/english/advisories/2008/0439
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28810	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/3626
af854a3a-2127-422b-91ae-364da2661108	http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_Documentum_dmclTrace_Arbitrary_file_overwrite.pdf
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/487603/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/27632
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1019305
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0439

Impacted products

Vendor	Product	Version
emc	documentum_administrator	4.2.8
emc	documentum_administrator	5.2.5
emc	documentum_administrator	5.2.5_sp2
emc	documentum_administrator	5.3.0.313
emc	documentum_webtop	5.2.5
emc	documentum_webtop	5.2.5_sp2
emc	documentum_webtop	5.3.0.317

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:emc:documentum_administrator:4.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B830D50-91F4-40D7-8886-0355A5AD4FCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_administrator:5.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B666EFE-3B3D-400E-A792-BB037D120BBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_administrator:5.2.5_sp2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCBD37-E635-4B26-B18B-2665CC01EFD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_administrator:5.3.0.313:*:*:*:*:*:*:*",
              "matchCriteriaId": "269728EC-2AC7-4543-9D83-10AE44F85041",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_webtop:5.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FB76F58-E214-4275-91B2-3ABBCA94DCA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_webtop:5.2.5_sp2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBF739EC-CBE5-4EA7-A793-12C53F51E53C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_webtop:5.3.0.317:*:*:*:*:*:*:*",
              "matchCriteriaId": "4ACB957D-EDE7-4DAF-A010-7EDE45BD0B24",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unrestricted file upload vulnerability in dmclTrace.jsp in EMC Documentum Administrator 5.3.0.313 and Webtop 5.3.0.317 allows remote attackers to overwrite arbitrary files via the filename attribute."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de actualizaci\u00f3n de archivos sin restringir en dmclTrace.jsp en Documentum Administrator 5.3.0.313 y Webtop 5.3.0.317 permite a atacantes remotos sobrescribir archivos no especificados a trav\u00e9s del atributo filename."
    }
  ],
  "id": "CVE-2008-0656",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-02-07T21:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28810"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/3626"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_Documentum_dmclTrace_Arbitrary_file_overwrite.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/487603/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/27632"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1019305"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/0439"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28810"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/3626"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_Documentum_dmclTrace_Arbitrary_file_overwrite.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/487603/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/27632"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019305"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0439"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2008-0656

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Unrestricted file upload vulnerability in dmclTrace.jsp in EMC Documentum Administrator 5.3.0.313 and Webtop 5.3.0.317 allows remote attackers to overwrite arbitrary files via the filename attribute.

Aliases

CVE-2008-0656

Aliases

CVE-2008-0656

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-0656",
    "description": "Unrestricted file upload vulnerability in dmclTrace.jsp in EMC Documentum Administrator 5.3.0.313 and Webtop 5.3.0.317 allows remote attackers to overwrite arbitrary files via the filename attribute.",
    "id": "GSD-2008-0656"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-0656"
      ],
      "details": "Unrestricted file upload vulnerability in dmclTrace.jsp in EMC Documentum Administrator 5.3.0.313 and Webtop 5.3.0.317 allows remote attackers to overwrite arbitrary files via the filename attribute.",
      "id": "GSD-2008-0656",
      "modified": "2023-12-13T01:22:58.855744Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-0656",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Unrestricted file upload vulnerability in dmclTrace.jsp in EMC Documentum Administrator 5.3.0.313 and Webtop 5.3.0.317 allows remote attackers to overwrite arbitrary files via the filename attribute."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_Documentum_dmclTrace_Arbitrary_file_overwrite.pdf",
            "refsource": "MISC",
            "url": "http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_Documentum_dmclTrace_Arbitrary_file_overwrite.pdf"
          },
          {
            "name": "1019305",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1019305"
          },
          {
            "name": "28810",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28810"
          },
          {
            "name": "ADV-2008-0439",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/0439"
          },
          {
            "name": "27632",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/27632"
          },
          {
            "name": "3626",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/3626"
          },
          {
            "name": "20080205 CYBSEC Security Advisory: Arbitrary file overwrite in Documentum Administrator / Documentum Webtop",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/487603/100/0/threaded"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:emc:documentum_administrator:4.2.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:documentum_webtop:5.2.5_sp2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:documentum_webtop:5.3.0.317:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:documentum_administrator:5.3.0.313:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:documentum_webtop:5.2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:documentum_administrator:5.2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:documentum_administrator:5.2.5_sp2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0656"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Unrestricted file upload vulnerability in dmclTrace.jsp in EMC Documentum Administrator 5.3.0.313 and Webtop 5.3.0.317 allows remote attackers to overwrite arbitrary files via the filename attribute."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_Documentum_dmclTrace_Arbitrary_file_overwrite.pdf",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_Documentum_dmclTrace_Arbitrary_file_overwrite.pdf"
            },
            {
              "name": "27632",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/27632"
            },
            {
              "name": "1019305",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1019305"
            },
            {
              "name": "28810",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/28810"
            },
            {
              "name": "3626",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/3626"
            },
            {
              "name": "ADV-2008-0439",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/0439"
            },
            {
              "name": "20080205 CYBSEC Security Advisory: Arbitrary file overwrite in Documentum Administrator / Documentum Webtop",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/487603/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-15T22:02Z",
      "publishedDate": "2008-02-07T21:00Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-0656 (GCVE-0-2008-0656)

GHSA-6FGQ-4C34-H75J

FKIE_CVE-2008-0656

GSD-2008-0656

Tags

Sightings

Nomenclature