VAR-201410-0029
Vulnerability from variot - Updated: 2025-04-13 23:27Directory traversal vulnerability in Dell EqualLogic PS4000 with firmware 6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI. Dell EqualLogicis prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue can allow an attacker to gain access to arbitrary system files. Information harvested may aid in launching further attacks. Dell EqualLogic Firmware versions 6.0 through 6.0.3 are vulnerable. Dell EqualLogic PS4000 is a server disk array product of Dell (Dell), which integrates storage devices, blade servers and network devices into an expandable virtualized data center
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201410-0029",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "equallogic ps4000",
"scope": "eq",
"trust": 2.4,
"vendor": "dell",
"version": "6.0"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006670"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1350"
},
{
"db": "NVD",
"id": "CVE-2013-3304"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:dell:equallogic_ps4000_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006670"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mauricio Correa",
"sources": [
{
"db": "BID",
"id": "70760"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1350"
}
],
"trust": 0.9
},
"cve": "CVE-2013-3304",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2013-3304",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-63306",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-3304",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2013-3304",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201410-1350",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-63306",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63306"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006670"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1350"
},
{
"db": "NVD",
"id": "CVE-2013-3304"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Directory traversal vulnerability in Dell EqualLogic PS4000 with firmware 6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI. Dell EqualLogicis prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. \nExploiting this issue can allow an attacker to gain access to arbitrary system files. Information harvested may aid in launching further attacks. \nDell EqualLogic Firmware versions 6.0 through 6.0.3 are vulnerable. Dell EqualLogic PS4000 is a server disk array product of Dell (Dell), which integrates storage devices, blade servers and network devices into an expandable virtualized data center",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3304"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006670"
},
{
"db": "BID",
"id": "70760"
},
{
"db": "VULHUB",
"id": "VHN-63306"
}
],
"trust": 1.98
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-63306",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63306"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-3304",
"trust": 2.8
},
{
"db": "BID",
"id": "70760",
"trust": 2.0
},
{
"db": "EXPLOIT-DB",
"id": "35056",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006670",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1350",
"trust": 0.7
},
{
"db": "SEEBUG",
"id": "SSVID-87374",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-63306",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63306"
},
{
"db": "BID",
"id": "70760"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006670"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1350"
},
{
"db": "NVD",
"id": "CVE-2013-3304"
}
]
},
"id": "VAR-201410-0029",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-63306"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:27:36.399000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "EqualLogic PS4000E iSCSI SAN Storage",
"trust": 0.8,
"url": "http://www.dell.com/us/business/p/equallogic-ps4000e/pd"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006670"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63306"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006670"
},
{
"db": "NVD",
"id": "CVE-2013-3304"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.xlabs.com.br/blog/?p=50"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/70760"
},
{
"trust": 1.7,
"url": "http://www.exploit-db.com/exploits/35056"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3304"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3304"
},
{
"trust": 0.3,
"url": "http://dell.com"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63306"
},
{
"db": "BID",
"id": "70760"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006670"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1350"
},
{
"db": "NVD",
"id": "CVE-2013-3304"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-63306"
},
{
"db": "BID",
"id": "70760"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006670"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1350"
},
{
"db": "NVD",
"id": "CVE-2013-3304"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-10-30T00:00:00",
"db": "VULHUB",
"id": "VHN-63306"
},
{
"date": "2014-10-25T00:00:00",
"db": "BID",
"id": "70760"
},
{
"date": "2014-11-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-006670"
},
{
"date": "2014-10-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-1350"
},
{
"date": "2014-10-30T14:55:06.727000",
"db": "NVD",
"id": "CVE-2013-3304"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-10-31T00:00:00",
"db": "VULHUB",
"id": "VHN-63306"
},
{
"date": "2014-11-10T00:57:00",
"db": "BID",
"id": "70760"
},
{
"date": "2014-11-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-006670"
},
{
"date": "2014-10-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-1350"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2013-3304"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201410-1350"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell EqualLogic PS4000 Directory traversal vulnerability in some firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006670"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201410-1350"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…