Arj Archiver
CVE-2015-0556
MEDIUM
Severity by source
AV:N/AC:M/Au:N/C:N/I:P/A:P
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:M/Au:N/C:N/I:P/A:P
Lifecycle Timeline
1DescriptionCVE.org
Open-source ARJ archiver 3.10.22 allows remote attackers to conduct directory traversal attacks via a symlink attack in an ARJ archive.
AnalysisAI
Open-source ARJ archiver 3.10.22 allows remote attackers to conduct directory traversal attacks via a symlink attack in an ARJ archive. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-59. Open-source ARJ archiver 3.10.22 allows remote attackers to conduct directory traversal attacks via a symlink attack in an ARJ archive. Affected products include: Arj Software Arj Archiver, Fedoraproject Fedora.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Arj Archiver
View allOpen-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to c
Buffer overflow in Open-source ARJ archiver 3.10.22 allows remote attackers to cause a denial of service (crash) or poss
Same weakness CWE-59 – Improper Link Resolution Before File Access
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today