Vulnerability-Lookup

CVE-2010-3450 (GCVE-0-2010-3450)

Vulnerability from cvelistv5 – Published: 2011-01-28 21:13 – Updated: 2024-08-07 03:11

Summary

Multiple directory traversal vulnerabilities in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to overwrite arbitrary files via a .. (dot dot) in an entry in (1) an XSLT JAR filter description file, (2) an Extension (aka OXT) file, or unspecified other (3) JAR or (4) ZIP files.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://secunia.com/advisories/40775	third-party-advisoryx_refsource_SECUNIA
	http://osvdb.org/70711	vdb-entryx_refsource_OSVDB
	http://www.securityfocus.com/bid/46031	vdb-entryx_refsource_BID
	http://www.debian.org/security/2011/dsa-2151	vendor-advisoryx_refsource_DEBIAN
	http://secunia.com/advisories/60799	third-party-advisoryx_refsource_SECUNIA
	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
	http://www.gentoo.org/security/en/glsa/glsa-20140…	vendor-advisoryx_refsource_GENTOO
	http://secunia.com/advisories/43118	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/43065	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2011/0230	vdb-entryx_refsource_VUPEN
	http://www.securitytracker.com/id?1025002	vdb-entryx_refsource_SECTRACK
	http://www.vupen.com/english/advisories/2011/0232	vdb-entryx_refsource_VUPEN
	http://www.redhat.com/support/errata/RHSA-2011-01…	vendor-advisoryx_refsource_REDHAT
	http://ubuntu.com/usn/usn-1056-1	vendor-advisoryx_refsource_UBUNTU
	http://www.redhat.com/support/errata/RHSA-2011-01…	vendor-advisoryx_refsource_REDHAT
	http://www.vupen.com/english/advisories/2011/0279	vdb-entryx_refsource_VUPEN
	http://www.openoffice.org/security/cves/CVE-2010-…	x_refsource_CONFIRM
	http://secunia.com/advisories/43105	third-party-advisoryx_refsource_SECUNIA
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	https://bugzilla.redhat.com/show_bug.cgi?id=602324	x_refsource_CONFIRM
	http://secunia.com/advisories/42999	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:11:44.122Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "40775",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40775"
          },
          {
            "name": "70711",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/70711"
          },
          {
            "name": "46031",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/46031"
          },
          {
            "name": "DSA-2151",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2151"
          },
          {
            "name": "60799",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60799"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
          },
          {
            "name": "GLSA-201408-19",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"
          },
          {
            "name": "43118",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43118"
          },
          {
            "name": "43065",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43065"
          },
          {
            "name": "ADV-2011-0230",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0230"
          },
          {
            "name": "1025002",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1025002"
          },
          {
            "name": "ADV-2011-0232",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0232"
          },
          {
            "name": "RHSA-2011:0182",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0182.html"
          },
          {
            "name": "USN-1056-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://ubuntu.com/usn/usn-1056-1"
          },
          {
            "name": "RHSA-2011:0181",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0181.html"
          },
          {
            "name": "ADV-2011-0279",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0279"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openoffice.org/security/cves/CVE-2010-3450.html"
          },
          {
            "name": "43105",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43105"
          },
          {
            "name": "MDVSA-2011:027",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:027"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=602324"
          },
          {
            "name": "42999",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42999"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-01-26T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple directory traversal vulnerabilities in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to overwrite arbitrary files via a .. (dot dot) in an entry in (1) an XSLT JAR filter description file, (2) an Extension (aka OXT) file, or unspecified other (3) JAR or (4) ZIP files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-11-06T17:57:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "40775",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40775"
        },
        {
          "name": "70711",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/70711"
        },
        {
          "name": "46031",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/46031"
        },
        {
          "name": "DSA-2151",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2151"
        },
        {
          "name": "60799",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60799"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
        },
        {
          "name": "GLSA-201408-19",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"
        },
        {
          "name": "43118",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43118"
        },
        {
          "name": "43065",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43065"
        },
        {
          "name": "ADV-2011-0230",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0230"
        },
        {
          "name": "1025002",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1025002"
        },
        {
          "name": "ADV-2011-0232",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0232"
        },
        {
          "name": "RHSA-2011:0182",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0182.html"
        },
        {
          "name": "USN-1056-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://ubuntu.com/usn/usn-1056-1"
        },
        {
          "name": "RHSA-2011:0181",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0181.html"
        },
        {
          "name": "ADV-2011-0279",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0279"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openoffice.org/security/cves/CVE-2010-3450.html"
        },
        {
          "name": "43105",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43105"
        },
        {
          "name": "MDVSA-2011:027",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:027"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=602324"
        },
        {
          "name": "42999",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42999"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-3450",
    "datePublished": "2011-01-28T21:13:00.000Z",
    "dateReserved": "2010-09-17T00:00:00.000Z",
    "dateUpdated": "2024-08-07T03:11:44.122Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2011-AVI-243

Vulnerability from certfr_avis - Published: 2011-04-21 - Updated: 2011-04-21

Une mise à jour émise par IBM corrige de nombreuses vulnérabilités dans IBM Lotus Symphony.

Description

IBM a publié le 20 avril 2011 un ensemble de mise à jour corrigeant de nombreuses vulnérabilités dans IBM Lotus Symphony.

Les vulnérabilités corrigées sont localisées dans OpenOffice.org et autorisent un utilisateur malintentionné à exécuter du code arbitraire à distance ou à supprimer des fichiers.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

IBM Lotus Symphony 3.x

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité IBM swg21496070 du 20 avril 2011

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eIBM Lotus Symphony 3.x\u003c/p\u003e",
  "content": "## Description\n\nIBM a publi\u00e9 le 20 avril 2011 un ensemble de mise \u00e0 jour corrigeant de\nnombreuses vuln\u00e9rabilit\u00e9s dans IBM Lotus Symphony.\n\nLes vuln\u00e9rabilit\u00e9s corrig\u00e9es sont localis\u00e9es dans OpenOffice.org et\nautorisent un utilisateur malintentionn\u00e9 \u00e0 ex\u00e9cuter du code arbitraire \u00e0\ndistance ou \u00e0 supprimer des fichiers.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-4494",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4494"
    },
    {
      "name": "CVE-2010-4643",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4643"
    },
    {
      "name": "CVE-2010-3453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3453"
    },
    {
      "name": "CVE-2010-3451",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3451"
    },
    {
      "name": "CVE-2010-3452",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3452"
    },
    {
      "name": "CVE-2010-3454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3454"
    },
    {
      "name": "CVE-2010-4253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4253"
    },
    {
      "name": "CVE-2010-3450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3450"
    },
    {
      "name": "CVE-2010-3689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3689"
    },
    {
      "name": "CVE-2010-4008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4008"
    },
    {
      "name": "CVE-2010-2935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2935"
    }
  ],
  "initial_release_date": "2011-04-21T00:00:00",
  "last_revision_date": "2011-04-21T00:00:00",
  "links": [],
  "reference": "CERTA-2011-AVI-243",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-04-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une mise \u00e0 jour \u00e9mise par \u003cspan class=\"textit\"\u003eIBM\u003c/span\u003e corrige de\nnombreuses vuln\u00e9rabilit\u00e9s dans \u003cspan class=\"textit\"\u003eIBM Lotus\nSymphony\u003c/span\u003e.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans IBM Lotus Symphony",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg21496070 du 20 avril 2011",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21496070"
    }
  ]
}

CERTA-2011-AVI-039

Vulnerability from certfr_avis - Published: 2011-01-28 - Updated: 2011-02-01

De multiples vulnérabilités dans OpenOffice.org permettent à un utilisateur malveillant d'exécuter du code arbitraire à distance.

Description

Plusieurs vulnérabilités ont été découvertes dans OpenOffice.org. Elle permettent à un utilisateur distant, par le biais d'un document malveillant, d'exécuter du code arbitraire avec les privilèges de l'application.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

OpenOffice.org, versions 3.x antérieures à la version 3.3.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité OpenOffice.org	None	vendor-advisory
Bulletin de sécurité Debian dsa-2151 du 26 janvier 2011 :	-	other
Bulletin de sécurité RedHat RHSA-2011-0181 du 28 janvier 2011 :	-	other
Bulletins de sécurité OpenOffice du 26 janvier 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eOpenOffice.org, versions 3.x  ant\u00e9rieures \u00e0 la version 3.3.\u003c/p\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans OpenOffice.org. Elle\npermettent \u00e0 un utilisateur distant, par le biais d\u0027un document\nmalveillant, d\u0027ex\u00e9cuter du code arbitraire avec les privil\u00e8ges de\nl\u0027application.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-3702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3702"
    },
    {
      "name": "CVE-2010-4494",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4494"
    },
    {
      "name": "CVE-2010-4643",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4643"
    },
    {
      "name": "CVE-2010-3453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3453"
    },
    {
      "name": "CVE-2010-3451",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3451"
    },
    {
      "name": "CVE-2010-3452",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3452"
    },
    {
      "name": "CVE-2010-2936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2936"
    },
    {
      "name": "CVE-2010-3454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3454"
    },
    {
      "name": "CVE-2010-4253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4253"
    },
    {
      "name": "CVE-2010-3450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3450"
    },
    {
      "name": "CVE-2010-3689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3689"
    },
    {
      "name": "CVE-2010-4008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4008"
    },
    {
      "name": "CVE-2010-2935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2935"
    },
    {
      "name": "CVE-2010-3704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3704"
    }
  ],
  "initial_release_date": "2011-01-28T00:00:00",
  "last_revision_date": "2011-02-01T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian dsa-2151 du 26 janvier 2011 :",
      "url": "http://www.debian.org/security/2011/dsa-2151"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2011-0181 du 28 janvier    2011 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2011-0181.html"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 OpenOffice du 26 janvier 2011 :",
      "url": "http://www.openoffice.org/security/bulletin.html"
    }
  ],
  "reference": "CERTA-2011-AVI-039",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-01-28T00:00:00.000000"
    },
    {
      "description": "ajout des bulletins des distributions Debian et RedHat.",
      "revision_date": "2011-02-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s dans OpenOffice.org permettent \u00e0 un\nutilisateur malveillant d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans OpenOffice.org",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 OpenOffice.org",
      "url": null
    }
  ]
}

FKIE_CVE-2010-3450

Vulnerability from fkie_nvd - Published: 2011-01-28 22:00 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://osvdb.org/70711	Broken Link
secalert@redhat.com	http://secunia.com/advisories/40775	Broken Link
secalert@redhat.com	http://secunia.com/advisories/42999	Broken Link
secalert@redhat.com	http://secunia.com/advisories/43065	Broken Link
secalert@redhat.com	http://secunia.com/advisories/43105	Broken Link
secalert@redhat.com	http://secunia.com/advisories/43118	Broken Link
secalert@redhat.com	http://secunia.com/advisories/60799	Broken Link
secalert@redhat.com	http://ubuntu.com/usn/usn-1056-1	Third Party Advisory
secalert@redhat.com	http://www.debian.org/security/2011/dsa-2151	Third Party Advisory
secalert@redhat.com	http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml	Third Party Advisory
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2011:027	Broken Link
secalert@redhat.com	http://www.openoffice.org/security/cves/CVE-2010-3450.html	Vendor Advisory
secalert@redhat.com	http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html	Third Party Advisory
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2011-0181.html	Broken Link
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2011-0182.html	Broken Link
secalert@redhat.com	http://www.securityfocus.com/bid/46031	Broken Link, Third Party Advisory, VDB Entry
secalert@redhat.com	http://www.securitytracker.com/id?1025002	Broken Link, Third Party Advisory, VDB Entry
secalert@redhat.com	http://www.vupen.com/english/advisories/2011/0230	Broken Link
secalert@redhat.com	http://www.vupen.com/english/advisories/2011/0232	Broken Link
secalert@redhat.com	http://www.vupen.com/english/advisories/2011/0279	Broken Link
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=602324	Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/70711	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/40775	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/42999	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/43065	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/43105	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/43118	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/60799	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://ubuntu.com/usn/usn-1056-1	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2011/dsa-2151	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2011:027	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.openoffice.org/security/cves/CVE-2010-3450.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2011-0181.html	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2011-0182.html	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/46031	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1025002	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0230	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0232	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0279	Broken Link
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=602324	Issue Tracking, Patch, Third Party Advisory

Impacted products

Vendor	Product	Version
apache	openoffice	*
canonical	ubuntu_linux	8.04
canonical	ubuntu_linux	9.10
canonical	ubuntu_linux	10.04
canonical	ubuntu_linux	10.10
debian	debian_linux	5.0
debian	debian_linux	6.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:openoffice:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F03BF098-236A-4442-9EFA-A8BEB52CEE33",
              "versionEndExcluding": "3.3.0",
              "versionStartIncluding": "2.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0507E91-567A-41D6-A7E5-5088A39F75FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2BCB73E-27BB-4878-AD9C-90C4F20C25A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9BD9DD2-B468-4732-ABB1-742D83709B54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "87614B58-24AB-49FB-9C84-E8DDBA16353B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple directory traversal vulnerabilities in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to overwrite arbitrary files via a .. (dot dot) in an entry in (1) an XSLT JAR filter description file, (2) an Extension (aka OXT) file, or unspecified other (3) JAR or (4) ZIP files."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de salto de directorio en OpenOffice.org (OOo) v2.x y v3.x anteriores a v3.3, permite a atacantes remotos a\u00f1adir y ejecutar comandos de su elecci\u00f3n a trav\u00e9s de .. (punto punto) en el par\u00e1metro \"site\" a (1) index.php y (2) admin.php."
    }
  ],
  "id": "CVE-2010-3450",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-01-28T22:00:05.223",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/70711"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/40775"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/42999"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/43065"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/43105"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/43118"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/60799"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://ubuntu.com/usn/usn-1056-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2011/dsa-2151"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:027"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.openoffice.org/security/cves/CVE-2010-3450.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0181.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0182.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/46031"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id?1025002"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0230"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0232"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0279"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=602324"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/70711"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/40775"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/42999"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/43065"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/43105"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/43118"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/60799"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://ubuntu.com/usn/usn-1056-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2011/dsa-2151"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:027"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.openoffice.org/security/cves/CVE-2010-3450.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0181.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0182.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/46031"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id?1025002"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0230"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0232"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0279"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=602324"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2010-3450

Vulnerability from fstec - Published: 28.01.2011

Title

Уязвимость офисного пакета OpenOffice, связанная с неверным ограничением имени пути к каталогу с ограниченным доступом, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Description

Уязвимость офисного пакета OpenOffice связана с ошибкой перезаписи через ".. (две точки)" в файле, где активен фильтр XSLT JAR. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Severity ?


                    
                      AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Vendor

Novell Inc., Red Hat Inc., Сообщество свободного программного обеспечения, ООО «РусБИТех-Астра», Apache Software Foundation

Software Name

openSUSE, Red Hat Enterprise Linux, Debian GNU/Linux, SUSE Linux Enterprise Software Development Kit, Astra Linux Common Edition (запись в едином реестре российских программ №4433), Suse Linux Enterprise Desktop, SUSE Linux Enterprise SDK, OpenOffice, Suse Linux Enterprise Server, SUSE Linux Enterprise Server for SAP Applications

Software Version

11.3 (openSUSE), 11.2 (openSUSE), 3 (Red Hat Enterprise Linux), 4 (Red Hat Enterprise Linux), 5 (Red Hat Enterprise Linux), 6 (Red Hat Enterprise Linux), 9 (Debian GNU/Linux), 11 SP4 (SUSE Linux Enterprise Software Development Kit), 2.12 «Орёл» (Astra Linux Common Edition), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), 10 SP3 (Suse Linux Enterprise Desktop), 11 SP1 (Suse Linux Enterprise Desktop), 10 SP3 (SUSE Linux Enterprise SDK), до 3.2 (OpenOffice), 10 SP3 (Suse Linux Enterprise Server), 10 SP3 (SUSE Linux Enterprise Server for SAP Applications), 11 SP1 (SUSE Linux Enterprise Software Development Kit)

Possible Mitigations

Использование рекомендаций: Для OpenOffice: Обновление программного обеспечения до 3.2 или более поздней версии Для Debian: Обновление программного обеспечения (пакета openoffice.org) до 3.2 или более поздней версии Для Astra Linux: Обновление программного обеспечения (пакета openoffice.org) до 3.2 или более поздней версии Для программных продуктов Red Hat Inc.: https://access.redhat.com/security/cve/CVE-2010-3450 Для программных продуктов Novell Inc.: https://www.suse.com/security/cve/CVE-2010-3450/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2010-3450 https://security-tracker.debian.org/tracker/CVE-2010-3450 https://access.redhat.com/security/cve/CVE-2010-3450 https://www.suse.com/security/cve/CVE-2010-3450/

CWE

CWE-22

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Novell Inc., Red Hat Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Apache Software Foundation",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "11.3 (openSUSE), 11.2 (openSUSE), 3 (Red Hat Enterprise Linux), 4 (Red Hat Enterprise Linux), 5 (Red Hat Enterprise Linux), 6 (Red Hat Enterprise Linux), 9 (Debian GNU/Linux), 11 SP4 (SUSE Linux Enterprise Software Development Kit), 2.12 \u00ab\u041e\u0440\u0451\u043b\u00bb (Astra Linux Common Edition), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), 10 SP3 (Suse Linux Enterprise Desktop), 11 SP1 (Suse Linux Enterprise Desktop), 10 SP3 (SUSE Linux Enterprise SDK), \u0434\u043e 3.2 (OpenOffice), 10 SP3 (Suse Linux Enterprise Server), 10 SP3 (SUSE Linux Enterprise Server for SAP Applications), 11 SP1 (SUSE Linux Enterprise Software Development Kit)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f OpenOffice:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e 3.2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Debian:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 openoffice.org) \u0434\u043e 3.2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Astra Linux:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 openoffice.org) \u0434\u043e 3.2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/CVE-2010-3450\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2010-3450/",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "28.01.2011",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "29.03.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "22.06.2020",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-02896",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2010-3450",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "openSUSE, Red Hat Enterprise Linux, Debian GNU/Linux, SUSE Linux Enterprise Software Development Kit, Astra Linux Common Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433), Suse Linux Enterprise Desktop, SUSE Linux Enterprise SDK, OpenOffice, Suse Linux Enterprise Server, SUSE Linux Enterprise Server for SAP Applications",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Novell Inc. openSUSE 11.3 , Novell Inc. openSUSE 11.2 , Red Hat Inc. Red Hat Enterprise Linux 3 , Red Hat Inc. Red Hat Enterprise Linux 4 , Red Hat Inc. Red Hat Enterprise Linux 5 , Red Hat Inc. Red Hat Enterprise Linux 6 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Common Edition 2.12 \u00ab\u041e\u0440\u0451\u043b\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433), \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , Novell Inc. Suse Linux Enterprise Desktop 10 SP3 , Novell Inc. Suse Linux Enterprise Desktop 11 SP1 , Novell Inc. SUSE Linux Enterprise SDK 10 SP3 , Novell Inc. Suse Linux Enterprise Server 10 SP3 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0444\u0438\u0441\u043d\u043e\u0433\u043e \u043f\u0430\u043a\u0435\u0442\u0430 OpenOffice, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0432\u0435\u0440\u043d\u044b\u043c \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435\u043c \u0438\u043c\u0435\u043d\u0438 \u043f\u0443\u0442\u0438 \u043a \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0443 \u0441 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u044b\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c, \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0438\u0445 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0432\u0435\u0440\u043d\u043e\u0435 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u0438\u043c\u0435\u043d\u0438 \u043f\u0443\u0442\u0438 \u043a \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0443 \u0441 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u044b\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c (\u00ab\u041e\u0431\u0445\u043e\u0434 \u043f\u0443\u0442\u0438\u00bb) (CWE-22)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0444\u0438\u0441\u043d\u043e\u0433\u043e \u043f\u0430\u043a\u0435\u0442\u0430 OpenOffice \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u043e\u0439 \u043f\u0435\u0440\u0435\u0437\u0430\u043f\u0438\u0441\u0438 \u0447\u0435\u0440\u0435\u0437 \".. (\u0434\u0432\u0435 \u0442\u043e\u0447\u043a\u0438)\" \u0432 \u0444\u0430\u0439\u043b\u0435, \u0433\u0434\u0435 \u0430\u043a\u0442\u0438\u0432\u0435\u043d \u0444\u0438\u043b\u044c\u0442\u0440 XSLT JAR. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c, \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0438\u0445 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://nvd.nist.gov/vuln/detail/CVE-2010-3450\nhttps://security-tracker.debian.org/tracker/CVE-2010-3450\nhttps://access.redhat.com/security/cve/CVE-2010-3450\nhttps://www.suse.com/security/cve/CVE-2010-3450/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-22",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,3)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,6)"
}

GHSA-5JVG-P3Q5-62MM

Vulnerability from github – Published: 2022-05-13 01:03 – Updated: 2022-05-13 01:03

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-3450"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-01-28T22:00:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple directory traversal vulnerabilities in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to overwrite arbitrary files via a .. (dot dot) in an entry in (1) an XSLT JAR filter description file, (2) an Extension (aka OXT) file, or unspecified other (3) JAR or (4) ZIP files.",
  "id": "GHSA-5jvg-p3q5-62mm",
  "modified": "2022-05-13T01:03:55Z",
  "published": "2022-05-13T01:03:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3450"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=602324"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/70711"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/40775"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/42999"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/43065"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/43105"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/43118"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/60799"
    },
    {
      "type": "WEB",
      "url": "http://ubuntu.com/usn/usn-1056-1"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2011/dsa-2151"
    },
    {
      "type": "WEB",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:027"
    },
    {
      "type": "WEB",
      "url": "http://www.openoffice.org/security/cves/CVE-2010-3450.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0181.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0182.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/46031"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1025002"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0230"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0232"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0279"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2010-3450

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2010-3450

Aliases

CVE-2010-3450

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-3450",
    "description": "Multiple directory traversal vulnerabilities in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to overwrite arbitrary files via a .. (dot dot) in an entry in (1) an XSLT JAR filter description file, (2) an Extension (aka OXT) file, or unspecified other (3) JAR or (4) ZIP files.",
    "id": "GSD-2010-3450",
    "references": [
      "https://www.suse.com/security/cve/CVE-2010-3450.html",
      "https://www.debian.org/security/2011/dsa-2151",
      "https://access.redhat.com/errata/RHSA-2011:0183",
      "https://access.redhat.com/errata/RHSA-2011:0182",
      "https://access.redhat.com/errata/RHSA-2011:0181",
      "https://linux.oracle.com/cve/CVE-2010-3450.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-3450"
      ],
      "details": "Multiple directory traversal vulnerabilities in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to overwrite arbitrary files via a .. (dot dot) in an entry in (1) an XSLT JAR filter description file, (2) an Extension (aka OXT) file, or unspecified other (3) JAR or (4) ZIP files.",
      "id": "GSD-2010-3450",
      "modified": "2023-12-13T01:21:33.740406Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2010-3450",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple directory traversal vulnerabilities in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to overwrite arbitrary files via a .. (dot dot) in an entry in (1) an XSLT JAR filter description file, (2) an Extension (aka OXT) file, or unspecified other (3) JAR or (4) ZIP files."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://secunia.com/advisories/40775",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/40775"
          },
          {
            "name": "http://secunia.com/advisories/43105",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/43105"
          },
          {
            "name": "http://secunia.com/advisories/60799",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/60799"
          },
          {
            "name": "http://ubuntu.com/usn/usn-1056-1",
            "refsource": "MISC",
            "url": "http://ubuntu.com/usn/usn-1056-1"
          },
          {
            "name": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml",
            "refsource": "MISC",
            "url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2011/0230",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2011/0230"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2011/0279",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2011/0279"
          },
          {
            "name": "http://secunia.com/advisories/42999",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/42999"
          },
          {
            "name": "http://secunia.com/advisories/43065",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/43065"
          },
          {
            "name": "http://secunia.com/advisories/43118",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/43118"
          },
          {
            "name": "http://www.debian.org/security/2011/dsa-2151",
            "refsource": "MISC",
            "url": "http://www.debian.org/security/2011/dsa-2151"
          },
          {
            "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:027",
            "refsource": "MISC",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:027"
          },
          {
            "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
            "refsource": "MISC",
            "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
          },
          {
            "name": "http://www.redhat.com/support/errata/RHSA-2011-0181.html",
            "refsource": "MISC",
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0181.html"
          },
          {
            "name": "http://www.redhat.com/support/errata/RHSA-2011-0182.html",
            "refsource": "MISC",
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0182.html"
          },
          {
            "name": "http://www.securityfocus.com/bid/46031",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/46031"
          },
          {
            "name": "http://www.securitytracker.com/id?1025002",
            "refsource": "MISC",
            "url": "http://www.securitytracker.com/id?1025002"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2011/0232",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2011/0232"
          },
          {
            "name": "http://osvdb.org/70711",
            "refsource": "MISC",
            "url": "http://osvdb.org/70711"
          },
          {
            "name": "http://www.openoffice.org/security/cves/CVE-2010-3450.html",
            "refsource": "MISC",
            "url": "http://www.openoffice.org/security/cves/CVE-2010-3450.html"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=602324",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=602324"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:openoffice:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.3.0",
                "versionStartIncluding": "2.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2010-3450"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple directory traversal vulnerabilities in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to overwrite arbitrary files via a .. (dot dot) in an entry in (1) an XSLT JAR filter description file, (2) an Extension (aka OXT) file, or unspecified other (3) JAR or (4) ZIP files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-22"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2011-0232",
              "refsource": "VUPEN",
              "tags": [
                "Broken Link"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0232"
            },
            {
              "name": "http://www.openoffice.org/security/cves/CVE-2010-3450.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.openoffice.org/security/cves/CVE-2010-3450.html"
            },
            {
              "name": "46031",
              "refsource": "BID",
              "tags": [
                "Broken Link",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/46031"
            },
            {
              "name": "DSA-2151",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.debian.org/security/2011/dsa-2151"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=602324",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=602324"
            },
            {
              "name": "ADV-2011-0230",
              "refsource": "VUPEN",
              "tags": [
                "Broken Link"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0230"
            },
            {
              "name": "43065",
              "refsource": "SECUNIA",
              "tags": [
                "Broken Link"
              ],
              "url": "http://secunia.com/advisories/43065"
            },
            {
              "name": "42999",
              "refsource": "SECUNIA",
              "tags": [
                "Broken Link"
              ],
              "url": "http://secunia.com/advisories/42999"
            },
            {
              "name": "43105",
              "refsource": "SECUNIA",
              "tags": [
                "Broken Link"
              ],
              "url": "http://secunia.com/advisories/43105"
            },
            {
              "name": "USN-1056-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://ubuntu.com/usn/usn-1056-1"
            },
            {
              "name": "1025002",
              "refsource": "SECTRACK",
              "tags": [
                "Broken Link",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id?1025002"
            },
            {
              "name": "RHSA-2011:0181",
              "refsource": "REDHAT",
              "tags": [
                "Broken Link"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0181.html"
            },
            {
              "name": "RHSA-2011:0182",
              "refsource": "REDHAT",
              "tags": [
                "Broken Link"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0182.html"
            },
            {
              "name": "70711",
              "refsource": "OSVDB",
              "tags": [
                "Broken Link"
              ],
              "url": "http://osvdb.org/70711"
            },
            {
              "name": "43118",
              "refsource": "SECUNIA",
              "tags": [
                "Broken Link"
              ],
              "url": "http://secunia.com/advisories/43118"
            },
            {
              "name": "ADV-2011-0279",
              "refsource": "VUPEN",
              "tags": [
                "Broken Link"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0279"
            },
            {
              "name": "MDVSA-2011:027",
              "refsource": "MANDRIVA",
              "tags": [
                "Broken Link"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:027"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
            },
            {
              "name": "GLSA-201408-19",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"
            },
            {
              "name": "60799",
              "refsource": "SECUNIA",
              "tags": [
                "Broken Link"
              ],
              "url": "http://secunia.com/advisories/60799"
            },
            {
              "name": "40775",
              "refsource": "SECUNIA",
              "tags": [
                "Broken Link"
              ],
              "url": "http://secunia.com/advisories/40775"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2022-02-07T17:02Z",
      "publishedDate": "2011-01-28T22:00Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2010-3450 (GCVE-0-2010-3450)

CERTA-2011-AVI-243

Description

Solution

CERTA-2011-AVI-039

Description

Solution

FKIE_CVE-2010-3450

CVE-2010-3450

GHSA-5JVG-P3Q5-62MM

GSD-2010-3450

Tags

Sightings

Nomenclature