CVE-2014-10073

Name: CVE-2014-10073
Description: The create_response function in server/server.c in Psensor before 1.1.4 allows Directory Traversal because it lacks a check for whether a file is under the webserver directory.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References: DLA-1361-1
NVD severity: medium (attack range: remote)
Debian Bugs: 896195

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| psensor (PTS) | jessie | 1.1.3-2+deb8u1 | fixed |
| psensor (PTS) | buster, sid, stretch | 1.1.5-1 | fixed |

The information below is based on the following data on fixed versions.

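| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| psensor | source | (unstable) | 1.1.5-1 | low | | 896195 |
| psensor | source | jessie | 1.1.3-2+deb8u1 | medium | | |
| psensor | source | wheezy | 0.6.2.17-2+deb7u1 | medium | DLA-1361-1 | |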

Notes

http://git.wpitchoune.net/gitweb/?p=psensor.git;a=commitdiff;h=8b10426dcc0246c1712a99460dd470dcb1cc4d9c
