Vulnerabilities > CVE-2002-2050 - Unspecified vulnerability in Modlogan

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

local

low complexity

modlogan

NVD

Published: 2002-12-31

Updated: 2008-09-05

Summary

Directory traversal vulnerability in processor_web plugin for ModLogAn 0.5.0 through 0.7.11, when used with the splitby option, allows local users to overwrite arbitrary files via a .. (dot dot) in the hostname of a log entry.

Vulnerable Configurations

Part	Description	Count
Application	Modlogan Modlogan Modlogan 0.5 Modlogan Modlogan 0.5.6 Modlogan Modlogan 0.5.7 Modlogan Modlogan 0.6 Modlogan Modlogan 0.7.11	5

References

http://jan.kneschke.de/projects/modlogan/download/ChangeLog
http://www.iss.net/security_center/static/7848.php
http://www.securityfocus.com/bid/3821