CVE-2013-4885

MITRE NVD CVE.ORG JSON API Print: PDF PDF

Summary

CVECVE-2013-4885
StatePUBLISHED
Assignermitre
Source PriorityCVE Program / NVD first with legacy fallback
Published2013-10-26 17:55:03 UTC
Updated2026-04-29 01:13:23 UTC
DescriptionThe http-domino-enum-passwords.nse script in NMap before 6.40, when domino-enum-passwords.idpath is set, allows remote servers to upload "arbitrarily named" files via a crafted FullName parameter in a response, as demonstrated using directory traversal sequences.

Risk And Classification

Primary CVSS: v2.0 6.8 from [email protected]

AV:N/AC:M/Au:N/C:P/I:P/A:P

Problem Types: NVD-CWE-Other | n/a

CVSS v2.0 Breakdown

Access Vector
Network
Access Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Application Nmap Nmap 2.05 All All All
Application Nmap Nmap 2.06 All All All
Application Nmap Nmap 2.07 All All All
Application Nmap Nmap 2.08 All All All
Application Nmap Nmap 2.09 All All All
Application Nmap Nmap 2.1 beta1 All All
Application Nmap Nmap 2.10 All All All
Application Nmap Nmap 2.11 All All All
Application Nmap Nmap 2.12 All All All
Application Nmap Nmap 2.2 beta2 All All
Application Nmap Nmap 2.2 beta3 All All
Application Nmap Nmap 2.2 beta4 All All
Application Nmap Nmap 2.3 beta10 All All
Application Nmap Nmap 2.3 beta12 All All
Application Nmap Nmap 2.3 beta13 All All
Application Nmap Nmap 2.3 beta14 All All
Application Nmap Nmap 2.3 beta17 All All
Application Nmap Nmap 2.3 beta18 All All
Application Nmap Nmap 2.3 beta19 All All
Application Nmap Nmap 2.3 beta20 All All
Application Nmap Nmap 2.3 beta21 All All
Application Nmap Nmap 2.3 beta4 All All
Application Nmap Nmap 2.3 beta5 All All
Application Nmap Nmap 2.3 beta6 All All
Application Nmap Nmap 2.3 beta8 All All
Application Nmap Nmap 2.3 beta9 All All
Application Nmap Nmap 2.50 All All All
Application Nmap Nmap 2.51 All All All
Application Nmap Nmap 2.52 All All All
Application Nmap Nmap 2.53 All All All
Application Nmap Nmap 2.54 beta1 All All
Application Nmap Nmap 2.54 beta16 All All
Application Nmap Nmap 2.54 beta19 All All
Application Nmap Nmap 2.54 beta2 All All
Application Nmap Nmap 2.54 beta20 All All
Application Nmap Nmap 2.54 beta21 All All
Application Nmap Nmap 2.54 beta22 All All
Application Nmap Nmap 2.54 beta24 All All
Application Nmap Nmap 2.54 beta25 All All
Application Nmap Nmap 2.54 beta26 All All
Application Nmap Nmap 2.54 beta27 All All
Application Nmap Nmap 2.54 beta28 All All
Application Nmap Nmap 2.54 beta29 All All
Application Nmap Nmap 2.54 beta3 All All
Application Nmap Nmap 2.54 beta30 All All
Application Nmap Nmap 2.54 beta31 All All
Application Nmap Nmap 2.54 beta32 All All
Application Nmap Nmap 2.54 beta33 All All
Application Nmap Nmap 2.54 beta34 All All
Application Nmap Nmap 2.54 beta35 All All
Application Nmap Nmap 2.54 beta36 All All
Application Nmap Nmap 2.54 beta37 All All
Application Nmap Nmap 2.54 beta4 All All
Application Nmap Nmap 2.54 beta5 All All
Application Nmap Nmap 2.54 beta6 All All
Application Nmap Nmap 2.54 beta7 All All
Application Nmap Nmap 2.99 rc1 All All
Application Nmap Nmap 2.99 rc2 All All
Application Nmap Nmap 3.00 All All All
Application Nmap Nmap 3.10 alpha1 All All
Application Nmap Nmap 3.10 alpha2 All All
Application Nmap Nmap 3.10 alpha3 All All
Application Nmap Nmap 3.10 alpha4 All All
Application Nmap Nmap 3.10 alpha5 All All
Application Nmap Nmap 3.10 alpha7 All All
Application Nmap Nmap 3.10 alpha9 All All
Application Nmap Nmap 3.15 beta1 All All
Application Nmap Nmap 3.15 beta2 All All
Application Nmap Nmap 3.15 beta3 All All
Application Nmap Nmap 3.20 All All All
Application Nmap Nmap 3.25 All All All
Application Nmap Nmap 3.26 All All All
Application Nmap Nmap 3.27 All All All
Application Nmap Nmap 3.28 All All All
Application Nmap Nmap 3.30 All All All
Application Nmap Nmap 3.40 pvt1 All All
Application Nmap Nmap 3.40 pvt10 All All
Application Nmap Nmap 3.40 pvt11 All All
Application Nmap Nmap 3.40 pvt12 All All
Application Nmap Nmap 3.40 pvt13 All All
Application Nmap Nmap 3.40 pvt14 All All
Application Nmap Nmap 3.40 pvt15 All All
Application Nmap Nmap 3.40 pvt16 All All
Application Nmap Nmap 3.40 pvt17 All All
Application Nmap Nmap 3.40 pvt2 All All
Application Nmap Nmap 3.40 pvt3 All All
Application Nmap Nmap 3.40 pvt4 All All
Application Nmap Nmap 3.40 pvt6 All All
Application Nmap Nmap 3.40 pvt7 All All
Application Nmap Nmap 3.40 pvt8 All All
Application Nmap Nmap 3.40 pvt9 All All
Application Nmap Nmap 3.45 All All All
Application Nmap Nmap 3.48 All All All
Application Nmap Nmap 3.50 All All All
Application Nmap Nmap 3.55 All All All
Application Nmap Nmap 3.70 All All All
Application Nmap Nmap 3.75 All All All
Application Nmap Nmap 3.81 All All All
Application Nmap Nmap 3.90 All All All
Application Nmap Nmap 3.91 All All All
Application Nmap Nmap 3.93 All All All
Application Nmap Nmap 3.94 alpha1 All All
Application Nmap Nmap 3.94 alpha2 All All
Application Nmap Nmap 3.94 alpha3 All All
Application Nmap Nmap 3.95 All All All
Application Nmap Nmap 3.96 beta1 All All
Application Nmap Nmap 3.98 beta1 All All
Application Nmap Nmap 3.99 All All All
Application Nmap Nmap 3.999 All All All
Application Nmap Nmap 3.9999 All All All
Application Nmap Nmap 4.00 All All All
Application Nmap Nmap 4.01 All All All
Application Nmap Nmap 4.02 alpha1 All All
Application Nmap Nmap 4.02 alpha2 All All
Application Nmap Nmap 4.03 All All All
Application Nmap Nmap 4.04 beta1 All All
Application Nmap Nmap 4.10 All All All
Application Nmap Nmap 4.11 All All All
Application Nmap Nmap 4.20 All All All
Application Nmap Nmap 4.20 alpha1 All All
Application Nmap Nmap 4.20 alpha10 All All
Application Nmap Nmap 4.20 alpha11 All All
Application Nmap Nmap 4.20 alpha2 All All
Application Nmap Nmap 4.20 alpha3 All All
Application Nmap Nmap 4.20 alpha4 All All
Application Nmap Nmap 4.20 alpha5 All All
Application Nmap Nmap 4.20 alpha6 All All
Application Nmap Nmap 4.20 alpha7 All All
Application Nmap Nmap 4.20 alpha8 All All
Application Nmap Nmap 4.20 alpha9 All All
Application Nmap Nmap 4.20 rc1 All All
Application Nmap Nmap 4.20 rc2 All All
Application Nmap Nmap 4.21 alpha1 All All
Application Nmap Nmap 4.21 alpha2 All All
Application Nmap Nmap 4.21 alpha3 All All
Application Nmap Nmap 4.21 alpha4 All All
Application Nmap Nmap 4.22 soc1 All All
Application Nmap Nmap 4.22 soc2 All All
Application Nmap Nmap 4.22 soc3 All All
Application Nmap Nmap 4.22 soc5 All All
Application Nmap Nmap 4.22 soc6 All All
Application Nmap Nmap 4.22 soc7 All All
Application Nmap Nmap 4.22 soc8 All All
Application Nmap Nmap 4.49 rc1 All All
Application Nmap Nmap 4.49 rc2 All All
Application Nmap Nmap 4.49 rc3 All All
Application Nmap Nmap 4.49 rc4 All All
Application Nmap Nmap 4.49 rc5 All All
Application Nmap Nmap 4.49 rc6 All All
Application Nmap Nmap 4.49 rc7 All All
Application Nmap Nmap 4.50 All All All
Application Nmap Nmap 4.51 beta All All
Application Nmap Nmap 4.52 All All All
Application Nmap Nmap 4.53 All All All
Application Nmap Nmap 4.60 All All All
Application Nmap Nmap 4.62 All All All
Application Nmap Nmap 4.65 All All All
Application Nmap Nmap 4.68 All All All
Application Nmap Nmap 4.75 All All All
Application Nmap Nmap 4.76 All All All
Application Nmap Nmap 4.85 beta1 All All
Application Nmap Nmap 4.85 beta10 All All
Application Nmap Nmap 4.85 beta2 All All
Application Nmap Nmap 4.85 beta3 All All
Application Nmap Nmap 4.85 beta4 All All
Application Nmap Nmap 4.85 beta5 All All
Application Nmap Nmap 4.85 beta6 All All
Application Nmap Nmap 4.85 beta7 All All
Application Nmap Nmap 4.85 beta8 All All
Application Nmap Nmap 4.85 beta9 All All
Application Nmap Nmap 4.90 rc1 All All
Application Nmap Nmap 5.00 All All All
Application Nmap Nmap 5.10 beta1 All All
Application Nmap Nmap 5.10 beta2 All All
Application Nmap Nmap 5.20 All All All
Application Nmap Nmap 5.21 All All All
Application Nmap Nmap 5.30 beta1 All All
Application Nmap Nmap 5.35 dc1 All All
Application Nmap Nmap 5.50 All All All
Application Nmap Nmap 5.51 All All All
Application Nmap Nmap 5.59 beta1 All All
Application Nmap Nmap 5.61 test1 All All
Application Nmap Nmap 5.61 test2 All All
Application Nmap Nmap 5.61 test4 All All
Application Nmap Nmap 5.61 test5 All All
Application Nmap Nmap 6.00 All All All
Application Nmap Nmap 6.01 All All All
Application Nmap Nmap 6.20 beta1 All All
Application Nmap Nmap All All All All
Operating System Opensuse Opensuse 12.3 All All All

Vendor Declared Affected Products

SourceVendorProductVersionPlatforms
CNA Na N/a affected n/a Not specified

References

ReferenceSourceLinkTags
404 Not Found | Trustwave af854a3a-2127-422b-91ae-364da2661108 www.trustwave.com Exploit
openSUSE-SU-2013:1561-1: moderate: nmap: fixed http-domino-enum-password af854a3a-2127-422b-91ae-364da2661108 lists.opensuse.org Vendor Advisory
weaponized nmap exploit · drk1wi/portspoof@1791fe4 · GitHub af854a3a-2127-422b-91ae-364da2661108 github.com Exploit, Patch
openSUSE-SU-2013:1579-1: moderate: nmap: security fix for http-domino-en af854a3a-2127-422b-91ae-364da2661108 lists.opensuse.org
Nmap Change Log af854a3a-2127-422b-91ae-364da2661108 nmap.org
Nmap Http-domino-enum-passwords File Upload ≈ Packet Storm af854a3a-2127-422b-91ae-364da2661108 packetstormsecurity.com Exploit
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report