Path Traversal in Contec Sv-cpt-mc310
CVE-2014-2324
Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname.
Vulnerability class: Path Traversal (Directory Traversal)
EPSS: 0.717 (98.8th percentile)
Affected products
- Contec Sv-cpt-mc310
- Contec Sv-cpt-mc310_firmware
- Lighttpd
- Debian Debian_linux — versions 6.0, 7.0, 8.0
- Opensuse — versions 11.4, 12.3, 13.1
- Suse Linux_enterprise_high_availability_extension — versions 11
- Suse Linux_enterprise_software_development_kit — versions 11
References
- cve@mitre.org (x_refsource_CONFIRM, Patch, Vendor Advisory)
- 66157 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
- cve@mitre.org (x_refsource_CONFIRM, Exploit, Vendor Advisory)
- DSA-2877 (vendor-advisory, Third Party Advisory, x_refsource_DEBIAN)
- openSUSE-SU-2014:0449 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
- 57514 (x_refsource_SECUNIA, Not Applicable, third-party-advisory)
- HPSBGN03191 (x_refsource_HP, vendor-advisory, Mailing List, Third Party Advisory)
- openSUSE-SU-2014:0496 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
- SUSE-SU-2014:0474 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
- 57404 (x_refsource_SECUNIA, Not Applicable, third-party-advisory)
Frequently asked questions
- What is CVE-2014-2324?
  CVE-2014-2324 is a vulnerability in Contec Sv-cpt-mc310, classified under Path Traversal. Published 2014-03-14.
- Is CVE-2014-2324 known to be exploited?
  6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.