CVE-2007-6483 MEDIUM

Published: 2007-12-20 | Last Modified: 2026-06-16 | Status: Modified

Description

Directory traversal vulnerability in SafeNet Sentinel Protection Server 7.0.0 through 7.4.0 and possibly earlier versions, and Sentinel Keys Server 1.0.3 and possibly earlier versions, allows remote attackers to read arbitrary files via a .. (dot dot) in the query string.

Additional Descriptions (1)

Vulnerabilidad de salto de directorio en SafeNet Sentinel Protection Server 7.0.0 hasta 7.4.0 y versiones anteriores, y Sentinel Keys Server 1.0.3 y posiblemente versiones anteriores, permite a atacantes remotos leer ficheros de su elección mediante un .. (punto punto) en la cadena de consulta.

CVSS Metrics

Base Score: 5.0 (MEDIUM)

AV:N/AC:L/Au:N/C:N/I:P/A:N

Access Vector	NETWORK
Access Complexity	LOW
Authentication	NONE
Confidentiality Impact	NONE
Integrity Impact	PARTIAL
Availability Impact	NONE

Source: [email protected]

Type: Primary

Exploitability Score: 10.0

Impact Score: 2.9

Weaknesses

Source	Type	Description
[email protected]	Primary	en CWE-22

Affected Products

Vendor	Product	Version	Update	Type
safenet	sentinel_keys_server	1.0.3	<built-in method update of dict object at 0x7c3c40dd4380>	Application
safenet	sentinel_protection_server	7.0	<built-in method update of dict object at 0x7c3c476bc200>	Application
safenet	sentinel_protection_server	7.1	<built-in method update of dict object at 0x7c3c477f6e00>	Application
safenet	sentinel_protection_server	7.2	<built-in method update of dict object at 0x7c3bf1837500>	Application
safenet	sentinel_protection_server	7.3	<built-in method update of dict object at 0x7c3c40dd7c40>	Application
safenet	sentinel_protection_server	7.4	<built-in method update of dict object at 0x7c3bf3a1c340>	Application

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:safenet:sentinel_keys_server:1.0.3:::::::*`
Yes	`cpe:2.3:a:safenet:sentinel_protection_server:7.0:::::::*`
Yes	`cpe:2.3:a:safenet:sentinel_protection_server:7.1:::::::*`
Yes	`cpe:2.3:a:safenet:sentinel_protection_server:7.2:::::::*`
Yes	`cpe:2.3:a:safenet:sentinel_protection_server:7.3:::::::*`
Yes	`cpe:2.3:a:safenet:sentinel_protection_server:7.4:::::::*`

References

http://safenet-inc.com/support/files/SPI740SecurityPatch.zip
Source: [email protected]
http://secunia.com/advisories/27811
Source: [email protected]

Vendor Advisory
http://securityreason.com/securityalert/3471
Source: [email protected]
http://www.securityfocus.com/archive/1/484201/100/200/threaded
Source: [email protected]
http://www.securityfocus.com/archive/1/484224/100/200/threaded
Source: [email protected]
http://www.securityfocus.com/bid/26583
Source: [email protected]

Exploit Patch
http://www.securitytracker.com/id?1018992
Source: [email protected]

Exploit
http://www.vupen.com/english/advisories/2007/4011
Source: [email protected]
https://exchange.xforce.ibmcloud.com/vulnerabilities/38636
Source: [email protected]
https://ics-cert.us-cert.gov/advisories/ICSA-15-272-01
Source: [email protected]
http://safenet-inc.com/support/files/SPI740SecurityPatch.zip
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/27811
Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory
http://securityreason.com/securityalert/3471
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/archive/1/484201/100/200/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/archive/1/484224/100/200/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/bid/26583
Source: af854a3a-2127-422b-91ae-364da2661108

Exploit Patch
http://www.securitytracker.com/id?1018992
Source: af854a3a-2127-422b-91ae-364da2661108

Exploit
http://www.vupen.com/english/advisories/2007/4011
Source: af854a3a-2127-422b-91ae-364da2661108
https://exchange.xforce.ibmcloud.com/vulnerabilities/38636
Source: af854a3a-2127-422b-91ae-364da2661108
https://ics-cert.us-cert.gov/advisories/ICSA-15-272-01
Source: af854a3a-2127-422b-91ae-364da2661108