CVE-2012-3380 - Vulnerability Details - OpenCVE

Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Wargio	Naxsi

Configuration 1 [-]

cpe:2.3:a:wargio:naxsi:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://code.google.com/p/naxsi/
http://code.google.com/p/naxsi/source/detail?r=307
http://secunia.com/advisories/49811
http://www.openwall.com/lists/oss-security/2012/07/05/1
http://www.openwall.com/lists/oss-security/2012/07/06/3
http://www.osvdb.org/83617

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2012-08-31T18:00:00Z

Updated: 2024-09-17T03:47:46.694Z

Reserved: 2012-06-14T00:00:00Z

Link: CVE-2012-3380

Vulnrichment

No data.

NVD

Status : Modified

Published: 2012-08-31T18:55:03.387

Modified: 2024-11-21T01:40:44.870

Link: CVE-2012-3380

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2012-08-31T18:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[oss-security] 20120705 Three CVE requests: at-spi2-atk, as31, naxsi", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/07/05/1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://code.google.com/p/naxsi/"}, {"tags": ["x_refsource_MISC"], "url": "http://code.google.com/p/naxsi/source/detail?r=307"}, {"name": "49811", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/49811"}, {"name": "[oss-security] 20120706 Re: Three CVE requests: at-spi2-atk, as31, naxsi", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/07/06/3"}, {"name": "83617", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/83617"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-3380", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20120705 Three CVE requests: at-spi2-atk, as31, naxsi", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/07/05/1"}, {"name": "http://code.google.com/p/naxsi/", "refsource": "CONFIRM", "url": "http://code.google.com/p/naxsi/"}, {"name": "http://code.google.com/p/naxsi/source/detail?r=307", "refsource": "MISC", "url": "http://code.google.com/p/naxsi/source/detail?r=307"}, {"name": "49811", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/49811"}, {"name": "[oss-security] 20120706 Re: Three CVE requests: at-spi2-atk, as31, naxsi", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/07/06/3"}, {"name": "83617", "refsource": "OSVDB", "url": "http://www.osvdb.org/83617"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T20:05:12.193Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20120705 Three CVE requests: at-spi2-atk, as31, naxsi", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/07/05/1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://code.google.com/p/naxsi/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://code.google.com/p/naxsi/source/detail?r=307"}, {"name": "49811", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/49811"}, {"name": "[oss-security] 20120706 Re: Three CVE requests: at-spi2-atk, as31, naxsi", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/07/06/3"}, {"name": "83617", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/83617"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-3380", "datePublished": "2012-08-31T18:00:00Z", "dateReserved": "2012-06-14T00:00:00Z", "dateUpdated": "2024-09-17T03:47:46.694Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wargio:naxsi:*:*:*:*:*:*:*:*", "matchCriteriaId": "82590000-E9C8-4907-B363-8568BA6E0C9A", "versionEndIncluding": "0.46", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors."}, {"lang": "es", "value": "Vulnerabilidad de recorrido de directorio en naxsi-ui/nx_extract.py en el m\u00f3dulo Naxsi antes de v0.46-1 para Nginx permite a usuarios locales leer archivos de su elecci\u00f3n a trav\u00e9s de vectores no especificados.\r\n"}], "id": "CVE-2012-3380", "lastModified": "2024-11-21T01:40:44.870", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-08-31T18:55:03.387", "references": [{"source": "secalert@redhat.com", "url": "http://code.google.com/p/naxsi/"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://code.google.com/p/naxsi/source/detail?r=307"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/49811"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/07/05/1"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/07/06/3"}, {"source": "secalert@redhat.com", "url": "http://www.osvdb.org/83617"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://code.google.com/p/naxsi/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://code.google.com/p/naxsi/source/detail?r=307"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/49811"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/07/05/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/07/06/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/83617"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}