{ "dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": { "cveId": "CVE-2019-25087", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2022-12-27T08:41:11.243Z", "datePublished": "2022-12-27T08:42:42.309Z", "dateUpdated": "2024-11-19T19:47:57.738Z" }, "containers": { "cna": { "providerMetadata": { "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2022-12-27T08:42:42.309Z" }, "title": "RamseyK httpserver URI ResourceHost.cpp getResource path traversal", "problemTypes": [ { "descriptions": [ { "type": "CWE", "cweId": "CWE-24", "lang": "en", "description": "CWE-24 Path Traversal: '../filedir'" } ] } ], "affected": [ { "vendor": "RamseyK", "product": "httpserver", "versions": [ { "version": "n/a", "status": "affected" } ], "modules": [ "URI Handler" ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in RamseyK httpserver. It has been rated as critical. This issue affects the function ResourceHost::getResource of the file src/ResourceHost.cpp of the component URI Handler. The manipulation of the argument uri leads to path traversal: '../filedir'. The attack may be initiated remotely. The name of the patch is 1a0de56e4dafff9c2f9c8f6b130a764f7a50df52. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216863." }, { "lang": "de", "value": "Eine Schwachstelle wurde in RamseyK httpserver ausgemacht. Sie wurde als kritisch eingestuft. Betroffen davon ist die Funktion ResourceHost::getResource der Datei src/ResourceHost.cpp der Komponente URI Handler. Durch das Beeinflussen des Arguments uri mit unbekannten Daten kann eine path traversal: '../filedir'-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Patch wird als 1a0de56e4dafff9c2f9c8f6b130a764f7a50df52 bezeichnet. Als bestmögliche Massnahme wird Patching empfohlen." } ], "metrics": [ { "cvssV3_1": { "version": "3.1", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "MEDIUM" } }, { "cvssV3_0": { "version": "3.0", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "MEDIUM" } } ], "timeline": [ { "time": "2022-12-27T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed" }, { "time": "2022-12-27T01:00:00.000Z", "lang": "en", "value": "VulDB entry created" }, { "time": "2022-12-27T09:47:39.000Z", "lang": "en", "value": "VulDB last update" } ], "references": [ { "url": "https://vuldb.com/?id.216863", "tags": [ "vdb-entry", "technical-description" ] }, { "url": "https://vuldb.com/?ctiid.216863", "tags": [ "signature", "permissions-required" ] }, { "url": "https://github.com/RamseyK/httpserver/commit/1a0de56e4dafff9c2f9c8f6b130a764f7a50df52", "tags": [ "patch" ] } ] }, "adp": [ { "providerMetadata": { "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:00:19.215Z" }, "title": "CVE Program Container", "references": [ { "url": "https://vuldb.com/?id.216863", "tags": [ "vdb-entry", "technical-description", "x_transferred" ] }, { "url": "https://vuldb.com/?ctiid.216863", "tags": [ "signature", "permissions-required", "x_transferred" ] }, { "url": "https://github.com/RamseyK/httpserver/commit/1a0de56e4dafff9c2f9c8f6b130a764f7a50df52", "tags": [ "patch", "x_transferred" ] } ] }, { "metrics": [ { "other": { "type": "ssvc", "content": { "timestamp": "2024-11-19T19:47:46.694968Z", "id": "CVE-2019-25087", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "version": "2.0.3" } } } ], "title": "CISA ADP Vulnrichment", "providerMetadata": { "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-19T19:47:57.738Z" } } ] } }