CVE-2009-2265: Path Traversal
First published: Sun Jul 05 2009(Updated: )
Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Wicked | <=2.6.4 | |
| Wicked | =2.0 | |
| Wicked | =2.0_fc | |
| Wicked | =2.0_rc2 | |
| Wicked | =2.0rc2 | |
| Wicked | =2.0rc3 | |
| Wicked | =2.1 | |
| Wicked | =2.1.1 | |
| Wicked | =2.2 | |
| Wicked | =2.3 | |
| Wicked | =2.3-beta | |
| Wicked | =2.3.1 | |
| Wicked | =2.3.2 | |
| Wicked | =2.3.3 | |
| Wicked | =2.4 | |
| Wicked | =2.4.1 | |
| Wicked | =2.4.2 | |
| Wicked | =2.4.3 | |
| Wicked | =2.5 | |
| Wicked | =2.5-beta | |
| Wicked | =2.5.1 | |
| Wicked | =2.6 | |
| Wicked | =2.6.1 | |
| Wicked | =2.6.2 | |
| Wicked | =2.6.3 | |
| Wicked | =2.6.3-beta | |
| Wicked | =2.6.4-beta |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.ocert.org/advisories/ocert-2009-007.html
- http://isc.sans.org/diary.html?storyid=6724
- http://www.securitytracker.com/id?1022513
- http://sourceforge.net/project/shownotes.php?release_id=695430
- http://mail.zope.org/pipermail/zope-dev/2009-July/037195.html
- http://www.debian.org/security/2009/dsa-1836
- http://www.vupen.com/english/advisories/2009/1825
- http://secunia.com/advisories/35833
- http://www.vupen.com/english/advisories/2009/1813
- https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00750.html
- https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00710.html
- http://secunia.com/advisories/35909
- http://www.securityfocus.com/archive/1/504721/100/0/threaded
- http://packetstormsecurity.com/files/163271/Adobe-ColdFusion-8-Remote-Command-Execution.html
Frequently Asked Questions
What are the potential impacts of CVE-2009-2265?
CVE-2009-2265 allows remote attackers to create executable files in arbitrary directories, leading to potential remote code execution.
What versions of FCKeditor are affected by CVE-2009-2265?
CVE-2009-2265 affects multiple versions of FCKeditor prior to 2.6.4.1, including versions 2.4 to 2.6.4.
How can I fix CVE-2009-2265?
To fix CVE-2009-2265, upgrade FCKeditor to version 2.6.4.1 or later.
How does CVE-2009-2265 exploit directory traversal vulnerabilities?
CVE-2009-2265 exploits directory traversal vulnerabilities by using special character sequences in user inputs to access unauthorized directories.
Is CVE-2009-2265 still a relevant threat today?
While CVE-2009-2265 is an older vulnerability, it remains relevant for legacy systems still using vulnerable versions of FCKeditor.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/remedy
- agent/severity
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/fckeditor
- canonical/wicked
- version/wicked/2.6.4
- version/wicked/2.0
- version/wicked/2.0_fc
- version/wicked/2.0_rc2
- version/wicked/2.0rc2
- version/wicked/2.0rc3
- version/wicked/2.1
- version/wicked/2.1.1
- version/wicked/2.2
- version/wicked/2.3
- version/wicked/2.3-beta
- version/wicked/2.3.1
- version/wicked/2.3.2
- version/wicked/2.3.3
- version/wicked/2.4
- version/wicked/2.4.1
- version/wicked/2.4.2
- version/wicked/2.4.3
- version/wicked/2.5
- version/wicked/2.5-beta
- version/wicked/2.5.1
- version/wicked/2.6
- version/wicked/2.6.1
- version/wicked/2.6.2
- version/wicked/2.6.3
- version/wicked/2.6.3-beta
- version/wicked/2.6.4-beta