CVE-2004-1444
NONE EPSS 94.5%
Published Dec 31, 200421y ago · Modified Jun 16, 20262w ago
Published Dec 31, 2004 21y ago
Last Modified Jun 16, 2026 2w ago
Description
Directory traversal vulnerability in Roundup 0.6.4 and earlier allows remote attackers to view arbitrary files via .. (dot dot) sequences in an @@ command in an HTTP GET request.
Threat Intelligence
EPSS Exploit Probability
94.5% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available
Weaknesses 1
CWE-22 Path Traversal Resource Mgmt
Affected Products 46
| Vendor | Product | Version | Range |
|---|---|---|---|
| roundup-tracker | roundup | * | ≤0.6.4 |
| roundup-tracker | roundup | 0.1.0 | any |
| roundup-tracker | roundup | 0.1.1 | any |
| roundup-tracker | roundup | 0.1.2 | any |
| roundup-tracker | roundup | 0.1.3 | any |
| roundup-tracker | roundup | 0.2.0 | any |
| roundup-tracker | roundup | 0.2.1 | any |
| roundup-tracker | roundup | 0.2.2 | any |
| roundup-tracker | roundup | 0.2.3 | any |
| roundup-tracker | roundup | 0.2.4 | any |
| roundup-tracker | roundup | 0.2.5 | any |
| roundup-tracker | roundup | 0.2.6 | any |
| roundup-tracker | roundup | 0.2.7 | any |
| roundup-tracker | roundup | 0.2.8 | any |
| roundup-tracker | roundup | 0.3.0 | any |
| roundup-tracker | roundup | 0.3.0 | any |
| roundup-tracker | roundup | 0.3.0 | any |
| roundup-tracker | roundup | 0.3.0 | any |
| roundup-tracker | roundup | 0.4.0 | any |
| roundup-tracker | roundup | 0.4.0 | any |
| roundup-tracker | roundup | 0.4.0 | any |
| roundup-tracker | roundup | 0.4.1 | any |
| roundup-tracker | roundup | 0.4.2 | any |
| roundup-tracker | roundup | 0.4.2 | any |
| roundup-tracker | roundup | 0.5 | any |
| roundup-tracker | roundup | 0.5.0 | any |
| roundup-tracker | roundup | 0.5.0 | any |
| roundup-tracker | roundup | 0.5.0 | any |
| roundup-tracker | roundup | 0.5.0 | any |
| roundup-tracker | roundup | 0.5.1 | any |
| roundup-tracker | roundup | 0.5.2 | any |
| roundup-tracker | roundup | 0.5.3 | any |
| roundup-tracker | roundup | 0.5.4 | any |
| roundup-tracker | roundup | 0.5.5 | any |
| roundup-tracker | roundup | 0.5.6 | any |
| roundup-tracker | roundup | 0.5.7 | any |
| roundup-tracker | roundup | 0.5.8 | any |
| roundup-tracker | roundup | 0.5.9 | any |
| roundup-tracker | roundup | 0.6.0 | any |
| roundup-tracker | roundup | 0.6.0 | any |
| roundup-tracker | roundup | 0.6.0 | any |
| roundup-tracker | roundup | 0.6.0 | any |
| roundup-tracker | roundup | 0.6.0 | any |
| roundup-tracker | roundup | 0.6.1 | any |
| roundup-tracker | roundup | 0.6.2 | any |
| roundup-tracker | roundup | 0.6.3 | any |
References 7
- packetstormsecurity.nl http://packetstormsecurity.nl/0406-exploits/roundUP.txt
- secunia.com http://secunia.com/advisories/11801/
- securitytracker.com http://securitytracker.com/id?1010415
- sourceforge.net http://sourceforge.net/tracker/index.php?func=detail&aid=961511&group_id=31577&atid=402788
- gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200408-09.xml
- securityfocus.com http://www.securityfocus.com/bid/10495
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/16350
Remediation
- secunia.com http://secunia.com/advisories/11801/
- gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200408-09.xml
- securityfocus.com http://www.securityfocus.com/bid/10495