CVE-2019-19790 - Vulnerability Details - OpenCVE

Path traversal in RadChart in Telerik UI for ASP.NET AJAX allows a remote attacker to read and delete an image with extension .BMP, .EXIF, .GIF, .ICON, .JPEG, .PNG, .TIFF, or .WMF on the server through a specially crafted request. NOTE: RadChart was discontinued in 2014 in favor of RadHtmlChart. All RadChart versions were affected. To avoid this vulnerability, you must remove RadChart's HTTP handler from a web.config (its type is Telerik.Web.UI.ChartHttpHandler).

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Telerik	Radchart Ui For Asp.net Ajax

Configuration 1 [-]

OR	cpe:2.3:a:telerik:radchart::::::::
	cpe:2.3:a:telerik:ui_for_asp.net_ajax:-:::::::*

No data.

References

Link	Providers
https://docs.telerik.com/devtools/aspnet-ajax/controls/chart/overview
https://www.telerik.com/forums/-620f6977edef
https://www.telerik.com/forums/path-traversal-vulnerability-in-radchart-image-handler

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-12-13T17:06:38

Updated: 2024-08-05T02:25:12.691Z

Reserved: 2019-12-13T00:00:00

Link: CVE-2019-19790

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-12-13T18:15:11.403

Modified: 2024-11-21T04:35:23.497

Link: CVE-2019-19790

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Path traversal in RadChart in Telerik UI for ASP.NET AJAX allows a remote attacker to read and delete an image with extension .BMP, .EXIF, .GIF, .ICON, .JPEG, .PNG, .TIFF, or .WMF on the server through a specially crafted request. NOTE: RadChart was discontinued in 2014 in favor of RadHtmlChart. All RadChart versions were affected. To avoid this vulnerability, you must remove RadChart's HTTP handler from a web.config (its type is Telerik.Web.UI.ChartHttpHandler)."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-12-16T16:01:16", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.telerik.com/forums/path-traversal-vulnerability-in-radchart-image-handler"}, {"tags": ["x_refsource_MISC"], "url": "https://docs.telerik.com/devtools/aspnet-ajax/controls/chart/overview"}, {"tags": ["x_refsource_MISC"], "url": "https://www.telerik.com/forums/-620f6977edef"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-19790", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Path traversal in RadChart in Telerik UI for ASP.NET AJAX allows a remote attacker to read and delete an image with extension .BMP, .EXIF, .GIF, .ICON, .JPEG, .PNG, .TIFF, or .WMF on the server through a specially crafted request. NOTE: RadChart was discontinued in 2014 in favor of RadHtmlChart. All RadChart versions were affected. To avoid this vulnerability, you must remove RadChart's HTTP handler from a web.config (its type is Telerik.Web.UI.ChartHttpHandler)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.telerik.com/forums/path-traversal-vulnerability-in-radchart-image-handler", "refsource": "MISC", "url": "https://www.telerik.com/forums/path-traversal-vulnerability-in-radchart-image-handler"}, {"name": "https://docs.telerik.com/devtools/aspnet-ajax/controls/chart/overview", "refsource": "MISC", "url": "https://docs.telerik.com/devtools/aspnet-ajax/controls/chart/overview"}, {"name": "https://www.telerik.com/forums/-620f6977edef", "refsource": "MISC", "url": "https://www.telerik.com/forums/-620f6977edef"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T02:25:12.691Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.telerik.com/forums/path-traversal-vulnerability-in-radchart-image-handler"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://docs.telerik.com/devtools/aspnet-ajax/controls/chart/overview"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.telerik.com/forums/-620f6977edef"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-19790", "datePublished": "2019-12-13T17:06:38", "dateReserved": "2019-12-13T00:00:00", "dateUpdated": "2024-08-05T02:25:12.691Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:telerik:radchart:*:*:*:*:*:*:*:*", "matchCriteriaId": "41EDAD17-129D-423E-9B40-565EDF0F7003", "vulnerable": true}, {"criteria": "cpe:2.3:a:telerik:ui_for_asp.net_ajax:-:*:*:*:*:*:*:*", "matchCriteriaId": "D880D981-F7D3-40C7-A581-8553C570587F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Path traversal in RadChart in Telerik UI for ASP.NET AJAX allows a remote attacker to read and delete an image with extension .BMP, .EXIF, .GIF, .ICON, .JPEG, .PNG, .TIFF, or .WMF on the server through a specially crafted request. NOTE: RadChart was discontinued in 2014 in favor of RadHtmlChart. All RadChart versions were affected. To avoid this vulnerability, you must remove RadChart's HTTP handler from a web.config (its type is Telerik.Web.UI.ChartHttpHandler)."}, {"lang": "es", "value": "El salto de ruta en RadChart en la interfaz de usuario de Telerik para ASP.NET AJAX permite a un atacante remoto leer y eliminar una imagen con extensi\u00f3n .BMP, .EXIF, .GIF, .ICON, .JPEG, .PNG, .TIFF o .WMF en el servidor por medio de una petici\u00f3n especialmente dise\u00f1ada. NOTA: RadChart fue descontinuada en 2014 a favor de RadHtmlChart. Todas las versiones de RadChart se vieron afectadas. Para impedir esta vulnerabilidad, debe eliminar el controlador HTTP de RadChart de un archivo web.config (su tipo es Telerik.Web.UI.ChartHttpHandler)."}], "id": "CVE-2019-19790", "lastModified": "2024-11-21T04:35:23.497", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-12-13T18:15:11.403", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://docs.telerik.com/devtools/aspnet-ajax/controls/chart/overview"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.telerik.com/forums/-620f6977edef"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.telerik.com/forums/path-traversal-vulnerability-in-radchart-image-handler"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://docs.telerik.com/devtools/aspnet-ajax/controls/chart/overview"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.telerik.com/forums/-620f6977edef"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.telerik.com/forums/path-traversal-vulnerability-in-radchart-image-handler"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}