National Cyber Awareness System

Vulnerability Summary for CVE-2008-0656

Overview

Unrestricted file upload vulnerability in dmclTrace.jsp in EMC Documentum Administrator 5.3.0.313 and Webtop 5.3.0.317 allows remote attackers to overwrite arbitrary files via the filename attribute.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: VUPEN

Name: ADV-2008-0439

Hyperlink:http://www.vupen.com/english/advisories/2008/0439

External Source: SECTRACK

Name: 1019305

Hyperlink:http://www.securitytracker.com/id?1019305

External Source: BID

Name: 27632

Hyperlink:http://www.securityfocus.com/bid/27632

External Source: BUGTRAQ

Name: 20080205 CYBSEC Security Advisory: Arbitrary file overwrite in Documentum Administrator / Documentum Webtop

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/487603/100/0/threaded

External Source: MISC

Name: http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_Documentum_dmclTrace_Arbitrary_file_overwrite.pdf

Hyperlink:http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_Documentum_dmclTrace_Arbitrary_file_overwrite.pdf

External Source: SECUNIA

Name: 28810

Type: Advisory

Hyperlink:http://secunia.com/advisories/28810

External Source: SREASON

Name: 3626

Hyperlink:http://securityreason.com/securityalert/3626