CVE-2008-0396

Directory traversal vulnerability in BitDefender Update Server (http.exe), as used in BitDefender products including Security for Fileservers and Enterprise Manager (BDEM), allows remote attackers to read arbitrary files via .. (dot dot) sequences in an HTTP request.

Published: Jan 23, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-0396
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.8
AV:N/AC:L/Au:N/C:C/I:N/A:N

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
bitdefender / update_server	-	-

http://oliver.greyhat.de/2008/01/19/bitdefender-unauthorized-remote-file-access-vulnerability/
http://secunia.com/advisories/28578
http://securityreason.com/securityalert/3568
http://www.oliverkarow.de/research/bitdefender.txt
http://www.securityfocus.com/archive/1/486701/100/0/threaded
http://www.securityfocus.com/bid/27358
http://www.vupen.com/english/advisories/2008/0213
https://exchange.xforce.ibmcloud.com/vulnerabilities/39802

Vulnerability Database

289,697

CVE-2008-0396