CVE-2013-1939: SabreDAV Directory Traversal vulnerability

CVSS Score: N/A

Basic Information

EPSS Score: 0.45853%
Published: 5/14/2022
Updated: 2/7/2024
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: -
Package Name   Ecosystem   Vulnerable Versions   First Patched Version
sabre/dav      composer    >= 1.6.0, < 1.6.9     1.6.9
sabre/dav      composer    >= 1.7.0, < 1.7.7     1.7.7
sabre/dav      composer    >= 1.8.0, < 1.8.5     1.8.5

Vulnerability Intelligence

Root Cause Analysis

The vulnerability stems from improper handling of path separators in the HTML/Browser plugin when SabreDAV runs on Windows. The Browser plugin's serveAsset method is the code path that serves the plugin's static files through the web interface, and it is the natural home of the base-path check the advisory describes: the method has to confirm that a requested asset name resolves to a file under the plugin's assets directory before reading it. A check that treats only the forward slash as a separator, or that compares a resolved path against a base path written with different separators, is wrong on Windows, where the backslash is also a separator: a name built from backslash-separated .. components is not recognised as traversal by the check, yet the filesystem still resolves it as a step out of the base directory, so any file readable by the web server process can be retrieved. Confidence that serveAsset is the vulnerable function is high because: 1) the advisory ties the flaw to the Browser plugin; 2) serveAsset is that plugin's core file-serving mechanism; 3) path traversal in web interfaces typically originates in the request-handling function that maps a user-supplied name onto a filesystem path. Only deployments running on Windows are affected; the remediation is to upgrade sabre/dav to 1.6.9, 1.7.7 or 1.8.5 (or later in the respective branch), and "composer show sabre/dav" reports the installed version.
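As an added illustration (not SabreDAV's own code, which is PHP), the following Python models the failure class in general terms: a separator-unaware base-path check that splits only on "/", the file the Windows filesystem would actually open for the same name (emulated with ntpath so the demo runs on any OS), and a hardened check that normalises both sides with the platform's own path rules and requires the base directory to be a component-boundary prefix of the resolved target. The asset directory and file names are constructed for the demo; the exact form of the original SabreDAV check is not shown on this page and is not reproduced here.

```python
# Added example, not SabreDAV code. Emulates Windows path rules via ntpath
# so the separator-mismatch failure and its fix can be run on any OS.
import ntpath

# Constructed base directory, in the forward-slash form a PHP
# __DIR__ . '/assets' style expression would yield. The real SabreDAV
# layout is not assumed here.
ASSET_DIR = "C:/srv/sabredav/lib/Sabre/DAV/Browser/assets"


def naive_is_safe(asset_name: str) -> bool:
    """Separator-unaware check: rejects '..' only when delimited by '/'.

    On Windows '\\' is also a separator, so '..\\..\\config.php' is a single
    component as far as this check is concerned and passes.
    """
    parts = asset_name.split("/")
    return ".." not in parts and not asset_name.startswith("/")


def windows_resolves_to(base: str, asset_name: str) -> str:
    """The file the Windows filesystem actually opens for base + asset_name.

    ntpath treats both '/' and '\\' as separators and collapses '..'.
    """
    return ntpath.normpath(ntpath.join(base, asset_name))


def hardened_is_safe(base: str, asset_name: str) -> bool:
    """Separator-aware containment check.

    1. Refuse absolute, rooted and drive-qualified names outright.
    2. Normalise base and candidate with the platform's own rules (ntpath
       here), which turns every '/' into '\\' and resolves '.' and '..'.
    3. Accept only if the base directory is the common prefix at a path
       component boundary; a plain startswith() would let 'assets_old\\x'
       pass for a base named 'assets'.
    """
    if (ntpath.isabs(asset_name)
            or asset_name.startswith(("/", "\\"))
            or ntpath.splitdrive(asset_name)[0]):
        return False
    base_n = ntpath.normpath(base)
    target = ntpath.normpath(ntpath.join(base_n, asset_name))
    try:
        return ntpath.commonpath([base_n, target]) == base_n
    except ValueError:  # different drives, or absolute/relative mix
        return False


if __name__ == "__main__":
    # Constructed request names: a legitimate asset, POSIX-style traversal,
    # Windows-style traversal, and a deeper Windows-style traversal.
    for name in ("style.css", "../../config.php", "..\\..\\config.php",
                 "..\\..\\..\\..\\..\\..\\Windows\\win.ini"):
        print(f"{name!r:45} naive={naive_is_safe(name)!s:5} "
              f"hardened={hardened_is_safe(ASSET_DIR, name)!s:5} "
              f"opens={windows_resolves_to(ASSET_DIR, name)}")
```

Running the block shows the naive check accepting the backslash form of the same traversal it rejects in slash form, while the resolved path for both lands outside the assets directory; the hardened check rejects both because it compares normalised paths rather than raw strings.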

WAF Protection Rules

WAF Rule

The HTML\Browser plugin in SabreDAV before 1.7.7, 1.8.x before 1.8.5, and 1.6.x before 1.6.9, as used in ownCloud, when running on Windows, does not properly check path separators in the base path, which allows remote attackers to read arbitrary file
