Opentools Attachment Mod多个远程漏洞

漏洞信息详情

Opentools Attachment Mod多个远程漏洞

• CNNVD编号：CNNVD-200412-1076
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2004-1404
  
• 漏洞类型：
  
  
  未知
  
• 发布时间：
  
  2004-12-31
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  opentools
• 漏洞来源：
  Discovery of the d…

phpBB的Attachment Mod 2.3.10模块在和Apache mod_mime一起使用时，不能正确处理具有多个扩展件的文件，例如 .php.rar，远程攻击者可以借助该漏洞上传和执行任意代码。

The vendor has released an update to address these issues:
Opentools Attachment Mod 2.3.10

• Opentools Attachment Mod 2.3.11
  
  http://sourceforge.net/project/showfiles.php?group_id=66311

Opentools Attachment Mod 2.3.4

• Opentools Attachment Mod 2.3.11
  
  http://sourceforge.net/project/showfiles.php?group_id=66311

Opentools Attachment Mod 2.3.5

• Opentools Attachment Mod 2.3.11
  
  http://sourceforge.net/project/showfiles.php?group_id=66311

Opentools Attachment Mod 2.3.6

• Opentools Attachment Mod 2.3.11
  
  http://sourceforge.net/project/showfiles.php?group_id=66311

Opentools Attachment Mod 2.3.7

• Opentools Attachment Mod 2.3.11
  
  http://sourceforge.net/project/showfiles.php?group_id=66311

Opentools Attachment Mod 2.3.8

• Opentools Attachment Mod 2.3.11
  
  http://sourceforge.net/project/showfiles.php?group_id=66311

Opentools Attachment Mod 2.3.9

• Opentools Attachment Mod 2.3.11
  
  http://sourceforge.net/project/showfiles.php?group_id=66311

来源: BID
名称: 11893
链接:http://www.securityfocus.com/bid/11893

来源: www.opentools.de
链接:http://www.opentools.de/board/viewtopic.php?t=3590

来源: SECUNIA
名称: 13421
链接:http://secunia.com/advisories/13421/

来源: BUGTRAQ
名称: 20041216 STG Security Advisory: [SSA-20041215-18] Vulnerability of uploading files with multiple extensions in phpBB Attachment Mod
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=110321557806215&w=2

来源: XF
名称: attachment-mod-file-upload(18438)
链接:http://xforce.iss.net/xforce/xfdb/18438