Unrated severityNVD Advisory· Published Jan 23, 2008· Updated Apr 23, 2026

CVE-2008-0396

Description

Directory traversal vulnerability in BitDefender Update Server (http.exe), as used in BitDefender products including Security for Fileservers and Enterprise Manager (BDEM), allows remote attackers to read arbitrary files via .. (dot dot) sequences in an HTTP request.

Affected products

Bitdefender/Update Server
cpe:2.3:a:bitdefender:update_server:*:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.oliverkarow.de/research/bitdefender.txtnvdExploit
www.securityfocus.com/bid/27358nvdExploit
secunia.com/advisories/28578nvdVendor Advisory
oliver.greyhat.de/2008/01/19/bitdefender-unauthorized-remote-file-access-vulnerability/nvd
securityreason.com/securityalert/3568nvd
www.securityfocus.com/archive/1/486701/100/0/threadednvd
www.vupen.com/english/advisories/2008/0213nvd
exchange.xforce.ibmcloud.com/vulnerabilities/39802nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.007
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000