CVE-2007-2836

Published: 2 July 2007

Directory traversal vulnerability in session.rb in Hiki 0.8.0 through 0.8.6 allows remote attackers to delete arbitrary files via directory traversal sequences in the session ID, which is matched against an insufficiently restrictive regular expression before it is used to construct a filename that is marked for deletion at logout.

Priority

Status

Package	Release	Status
hiki Launchpad, Ubuntu, Debian	dapper	Ignored (end of life)
	edgy	Ignored (end of life, was needed)
	feisty	Ignored (end of life, was needed)
	gutsy	Not vulnerable
	hardy	Not vulnerable
	intrepid	Not vulnerable
	jaunty	Not vulnerable
	karmic	Not vulnerable
	upstream	Needs triage

References

https://www.cve.org/CVERecord?id=CVE-2007-2836
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.