製品・ソフトウェアに関する情報

JVN脆弱性詳細

DevExpress ASPxFileManager Control for ASP.NET WebForms and MVC におけるディレクトリトラバーサルの脆弱性

Title	DevExpress ASPxFileManager Control for ASP.NET WebForms and MVC におけるディレクトリトラバーサルの脆弱性
Summary	DevExpress ASPxFileManager Control for ASP.NET WebForms and MVC の File Manager コンポーネントには、ディレクトリトラバーサルの脆弱性が存在します。
Possible impacts	リモート認証されたユーザにより、.. (ドットドット) を含む __EVENTARGUMENT パラメータを介して、任意のファイルを読まれる、または書き込まれる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	April 17, 2014, midnight
Registration Date	June 10, 2014, 4:10 p.m.
Last Update	June 10, 2014, 4:10 p.m.

CVSS2.0 : 警告
Score	6.5
Vector	AV:N/AC:L/Au:S/C:P/I:P/A:P

Affected System

Developer Express

DevExpress ASPxFileManager Control for WebForms and MVC 10.2.3 以上 13.1.10 未満

DevExpress ASPxFileManager Control for WebForms and MVC 13.2.9 未満の 13.2.x

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2014-2575	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2575
National Vulnerability Database (NVD)
2	CVE-2014-2575	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2575

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-22	https://jvndb.jvn.jp/ja/cwe/CWE-22.html

ベンダー情報

No	Name	URL
DevExpress
1	Security Advisory for the DevExpress ASPxFileManager Control (WebForms and MVC)	http://security.devexpress.com/de7c4756/?id=ff8c1703126f4717993ac3608a65a2e2

Change Log

No	Changed Details	Date of change
0	[2014年06月10日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2014-2575

Summary	Directory traversal vulnerability in the File Manager component in DevExpress ASPxFileManager Control for ASP.NET WebForms and MVC before 13.1.10 and 13.2.x before 13.2.9 allows remote authenticated users to read or write arbitrary files via a .. (dot dot) in the __EVENTARGUMENT parameter.
Publication Date	June 6, 2014, 11:55 p.m.
Registration Date	Jan. 26, 2021, 3:09 p.m.
Last Update	Nov. 21, 2024, 11:06 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.1.5:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.1.7:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.2.13:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc::::::::		13.1.9
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.1.4:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.1.7:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:10.2.10:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.2.11:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.2.5:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.1.10:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.1.12:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.1.6:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.2.6:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.2.7:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.1.4:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.6:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.8:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.1:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.1.9:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.1.6:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.12:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:10.2:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.1.8:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.4:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.5:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.1.4:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.15:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:10.2.6:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:10.2.4:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.1.11:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.13:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:10.2.9:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.2.8:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:10.2.3:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.1:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.2.7:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.2.12:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.1.8:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.1:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:10.2.11:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.1.12:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.10:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.1.7:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.11:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.2.14:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.1.6:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.16:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.1.11:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.2.8:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.2.10:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:10.2.5:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.1.5:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.2:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.1.10:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.2:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.1.5:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.2.5:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.1.8:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.1.9:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:10.2.8:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.7:::::::*

Related information, measures and tools

No	URL	タグ
1	http://osvdb.org/show/osvdb/107742
2	http://osvdb.org/show/osvdb/107742
3	http://packetstormsecurity.com/files/126953/DevExpress-ASP.NET-File-Manager-13.2.8-Directory-Traversal.html
4	http://packetstormsecurity.com/files/126953/DevExpress-ASP.NET-File-Manager-13.2.8-Directory-Traversal.html
5	http://seclists.org/fulldisclosure/2014/Jun/24	Exploit
6	http://seclists.org/fulldisclosure/2014/Jun/24	Exploit
7	http://security.devexpress.com/de7c4756/?id=ff8c1703126f4717993ac3608a65a2e2	Vendor Advisory
8	http://security.devexpress.com/de7c4756/?id=ff8c1703126f4717993ac3608a65a2e2	Vendor Advisory
9	http://www.exploit-db.com/exploits/33700
10	http://www.exploit-db.com/exploits/33700
11	http://www.securityfocus.com/archive/1/532304/100/0/threaded
12	http://www.securityfocus.com/archive/1/532304/100/0/threaded
13	http://www.securityfocus.com/bid/67902
14	http://www.securityfocus.com/bid/67902
15	https://www.redteam-pentesting.de/en/advisories/rt-sa-2014-006/-directory-traversal-in-devexpress-asp-net-file-manager	Exploit
16	https://www.redteam-pentesting.de/en/advisories/rt-sa-2014-006/-directory-traversal-in-devexpress-asp-net-file-manager	Exploit

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-22	パス・トラバーサル	https://cwe.mitre.org/data/definitions/22.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.1.5:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.1.7:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.2.13:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc::::::::		13.1.9
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.1.4:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.1.7:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:10.2.10:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.2.11:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.2.5:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.1.10:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.1.12:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.1.6:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.2.6:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.2.7:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.1.4:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.6:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.8:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.1:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.1.9:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.1.6:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.12:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:10.2:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.1.8:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.4:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.5:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.1.4:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.15:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:10.2.6:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:10.2.4:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.1.11:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.13:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:10.2.9:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.2.8:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:10.2.3:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.1:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.2.7:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.2.12:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.1.8:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.1:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:10.2.11:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.1.12:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.10:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.1.7:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.11:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.2.14:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.1.6:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.16:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.1.11:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.2.8:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.2.10:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:10.2.5:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.1.5:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.2:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.1.10:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.2:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.1.5:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.2.5:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:13.1.8:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:11.1.9:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:10.2.8:::::::*
cpe:2.3:a:devexpress:aspxfilemanager_control_for_webforms_and_mvc:12.2.7:::::::*