Sign-up

ID

VAR-201806-1520


CVE

CVE-2018-3713


TITLE

Angular-http-server path traversal vulnerability

Trust: 1.2

sources: CNVD: CNVD-2018-11981 // CNNVD: CNNVD-201806-428

DESCRIPTION

angular-http-server node module suffers from a Path Traversal vulnerability due to lack of validation of possibleFilename, which allows a malicious user to read content of any file with known path. Angular-http-server is an HTTP server for deploying single-page applications. There is a path traversal vulnerability in angular-http-server. The vulnerability stems from the lack of verification of possibleFilename by the program

Trust: 2.16

sources: NVD: CVE-2018-3713 // JVNDB: JVNDB-2018-005814 // CNVD: CNVD-2018-11981

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-11981

AFFECTED PRODUCTS

vendor:angular http servermodel:angular-http-serverscope: - version: -

Trust: 1.4

vendor:angular http servermodel:angular-http-serverscope:eqversion:*

Trust: 1.0

vendor:angular http servermodel:angular-http-serverscope:eqversion: -

Trust: 0.6

sources: CNVD: CNVD-2018-11981 // JVNDB: JVNDB-2018-005814 // CNNVD: CNNVD-201806-428 // NVD: CVE-2018-3713

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-3713
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-3713
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-11981
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201806-428
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2018-3713
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-11981
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-3713
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2018-3713
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2018-11981 // JVNDB: JVNDB-2018-005814 // CNNVD: CNNVD-201806-428 // NVD: CVE-2018-3713

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.8

sources: JVNDB: JVNDB-2018-005814 // NVD: CVE-2018-3713

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201806-428

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201806-428

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-005814

PATCH
title:angular-http-serverurl:https://www.npmjs.com/package/angular-http-server
Trust: 0.8
title:Angular-http-server path traversal vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/132685
Trust: 0.6
title:angular-http-server Repair measures for path traversal vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80694
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-11981 // 
            
            
            
            JVNDB: JVNDB-2018-005814 // 
            
            
            
            CNNVD: CNNVD-201806-428

EXTERNAL IDS
db:HACKERONEid:309120
Trust: 3.0
db:NVDid:CVE-2018-3713
Trust: 3.0
db:JVNDBid:JVNDB-2018-005814
Trust: 0.8
db:CNVDid:CNVD-2018-11981
Trust: 0.6
db:CNNVDid:CNNVD-201806-428
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-11981 // 
            
            
            
            JVNDB: JVNDB-2018-005814 // 
            
            
            
            CNNVD: CNNVD-201806-428 // 
            
            
            
            NVD: CVE-2018-3713

REFERENCES
url:https://hackerone.com/reports/309120
Trust: 3.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3713
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-3713
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2018-11981 // 
            
            
            
            JVNDB: JVNDB-2018-005814 // 
            
            
            
            CNNVD: CNNVD-201806-428 // 
            
            
            
            NVD: CVE-2018-3713

SOURCES
db:CNVDid:CNVD-2018-11981
db:JVNDBid:JVNDB-2018-005814
db:CNNVDid:CNNVD-201806-428
db:NVDid:CVE-2018-3713

LAST UPDATE DATE
2024-08-14T15:28:52.107000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-11981date:2018-06-25T00:00:00
db:JVNDBid:JVNDB-2018-005814date:2018-07-31T00:00:00
db:CNNVDid:CNNVD-201806-428date:2019-10-17T00:00:00
db:NVDid:CVE-2018-3713date:2023-02-28T18:07:30.897

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-11981date:2018-06-25T00:00:00
db:JVNDBid:JVNDB-2018-005814date:2018-07-31T00:00:00
db:CNNVDid:CNNVD-201806-428date:2018-06-06T00:00:00
db:NVDid:CVE-2018-3713date:2018-06-07T02:29:07.927