CVE-2013-4885

First published: Sat Oct 26 2013

The http-domino-enum-passwords.nse script in Nmap before 6.40, when domino-enum-passwords.idpath is set, allows remote servers to upload "arbitrarily named" files via a crafted FullName parameter in a response, as demonstrated using directory traversal sequences.

Credit: cve@mitre.org

Affected Software    Affected Version    How to fix
libpcap<=6.25
libpcap=2.1-beta1
libpcap=2.2-beta2
libpcap=2.2-beta3
libpcap=2.2-beta4
libpcap=2.3-beta10
libpcap=2.3-beta12
libpcap=2.3-beta13
libpcap=2.3-beta14
libpcap=2.3-beta17
libpcap=2.3-beta18
libpcap=2.3-beta19
libpcap=2.3-beta20
libpcap=2.3-beta21
libpcap=2.3-beta4
libpcap=2.3-beta5
libpcap=2.3-beta6
libpcap=2.3-beta8
libpcap=2.3-beta9
libpcap=2.05
libpcap=2.06
libpcap=2.07
libpcap=2.08
libpcap=2.09
libpcap=2.10
libpcap=2.11
libpcap=2.12
libpcap=2.50
libpcap=2.51
libpcap=2.52
libpcap=2.53
libpcap=2.54-beta1
libpcap=2.54-beta16
libpcap=2.54-beta19
libpcap=2.54-beta2
libpcap=2.54-beta20
libpcap=2.54-beta21
libpcap=2.54-beta22
libpcap=2.54-beta24
libpcap=2.54-beta25
libpcap=2.54-beta26
libpcap=2.54-beta27
libpcap=2.54-beta28
libpcap=2.54-beta29
libpcap=2.54-beta3
libpcap=2.54-beta30
libpcap=2.54-beta31
libpcap=2.54-beta32
libpcap=2.54-beta33
libpcap=2.54-beta34
libpcap=2.54-beta35
libpcap=2.54-beta36
libpcap=2.54-beta37
libpcap=2.54-beta4
libpcap=2.54-beta5
libpcap=2.54-beta6
libpcap=2.54-beta7
libpcap=2.99-rc1
libpcap=2.99-rc2
libpcap=3.00
libpcap=3.10-alpha1
libpcap=3.10-alpha2
libpcap=3.10-alpha3
libpcap=3.10-alpha4
libpcap=3.10-alpha5
libpcap=3.10-alpha7
libpcap=3.10-alpha9
libpcap=3.15-beta1
libpcap=3.15-beta2
libpcap=3.15-beta3
libpcap=3.20
libpcap=3.25
libpcap=3.26
libpcap=3.27
libpcap=3.28
libpcap=3.30
libpcap=3.40-pvt1
libpcap=3.40-pvt10
libpcap=3.40-pvt11
libpcap=3.40-pvt12
libpcap=3.40-pvt13
libpcap=3.40-pvt14
libpcap=3.40-pvt15
libpcap=3.40-pvt16
libpcap=3.40-pvt17
libpcap=3.40-pvt2
libpcap=3.40-pvt3
libpcap=3.40-pvt4
libpcap=3.40-pvt6
libpcap=3.40-pvt7
libpcap=3.40-pvt8
libpcap=3.40-pvt9
libpcap=3.45
libpcap=3.48
libpcap=3.50
libpcap=3.55
libpcap=3.70
libpcap=3.75
libpcap=3.81
libpcap=3.90
libpcap=3.91
libpcap=3.93
libpcap=3.94-alpha1
libpcap=3.94-alpha2
libpcap=3.94-alpha3
libpcap=3.95
libpcap=3.96-beta1
libpcap=3.98-beta1
libpcap=3.99
libpcap=3.999
libpcap=3.9999
libpcap=4.00
libpcap=4.01
libpcap=4.02-alpha1
libpcap=4.02-alpha2
libpcap=4.03
libpcap=4.04-beta1
libpcap=4.10
libpcap=4.11
libpcap=4.20
libpcap=4.20-alpha1
libpcap=4.20-alpha10
libpcap=4.20-alpha11
libpcap=4.20-alpha2
libpcap=4.20-alpha3
libpcap=4.20-alpha4
libpcap=4.20-alpha5
libpcap=4.20-alpha6
libpcap=4.20-alpha7
libpcap=4.20-alpha8
libpcap=4.20-alpha9
libpcap=4.20-rc1
libpcap=4.20-rc2
libpcap=4.21-alpha1
libpcap=4.21-alpha2
libpcap=4.21-alpha3
libpcap=4.21-alpha4
libpcap=4.22-soc1
libpcap=4.22-soc2
libpcap=4.22-soc3
libpcap=4.22-soc5
libpcap=4.22-soc6
libpcap=4.22-soc7
libpcap=4.22-soc8
libpcap=4.49-rc1
libpcap=4.49-rc2
libpcap=4.49-rc3
libpcap=4.49-rc4
libpcap=4.49-rc5
libpcap=4.49-rc6
libpcap=4.49-rc7
libpcap=4.50
libpcap=4.51-beta
libpcap=4.52
libpcap=4.53
libpcap=4.60
libpcap=4.62
libpcap=4.65
libpcap=4.68
libpcap=4.75
libpcap=4.76
libpcap=4.85-beta1
libpcap=4.85-beta10
libpcap=4.85-beta2
libpcap=4.85-beta3
libpcap=4.85-beta4
libpcap=4.85-beta5
libpcap=4.85-beta6
libpcap=4.85-beta7
libpcap=4.85-beta8
libpcap=4.85-beta9
libpcap=4.90-rc1
libpcap=5.00
libpcap=5.10-beta1
libpcap=5.10-beta2
libpcap=5.20
libpcap=5.21
libpcap=5.30-beta1
libpcap=5.35-dc1
libpcap=5.50
libpcap=5.51
libpcap=5.59-beta1
libpcap=5.61-test1
libpcap=5.61-test2
libpcap=5.61-test4
libpcap=5.61-test5
libpcap=6.00
libpcap=6.01
libpcap=6.20-beta1
openSUSE=12.3

Frequently Asked Questions

  • What is the severity of CVE-2013-4885?

    CVE-2013-4885 has a medium severity level due to its potential for causing unauthorized file uploads.

  • How do I fix CVE-2013-4885?

    To fix CVE-2013-4885, upgrade to Nmap version 6.40 or later.

  • What types of systems are affected by CVE-2013-4885?

    CVE-2013-4885 affects multiple versions of Nmap prior to 6.40.

  • What is the exploit mechanism for CVE-2013-4885?

    CVE-2013-4885 exploits directory traversal vulnerabilities in the http-domino-enum-passwords.nse script.

  • Can CVE-2013-4885 be exploited remotely?

    Yes, CVE-2013-4885 allows remote attackers to upload files through crafted parameters.
