Directory traversal vulnerability in processor_web plugin for ModLogAn 0.5.0 through 0.7.11, when used with the splitby option, allows local users to overwrite arbitrary files via a .. (dot dot) in the hostname of a log entry.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| modlogan | modlogan | 0.5 |
| modlogan | modlogan | 0.5.6 |
| modlogan | modlogan | 0.6 |
| modlogan | modlogan | 0.7.11 |
| modlogan | modlogan | 0.5.7 |
The processor_web plugin for ModLogAn 0.5.0 through 0.7.11, when used with the splitby option, allows local users to overwrite arbitrary files via a symlink attack on files specified as hostnames in a log file.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| modlogan | modlogan | 0.5 |
| modlogan | modlogan | 0.5.6 |
| modlogan | modlogan | 0.6 |
| modlogan | modlogan | 0.7.11 |
| modlogan | modlogan | 0.5.7 |