CVE-2013-4885

Name: CVE-2013-4885
Creator: NVD / NIST
Published: 2013-10-26T17:55:03.387+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 7.22%

Last modified Jun 16, 2026

CVE-2013-4885 is a vulnerability of currently unknown severity. The http-domino-enum-passwords.nse script in NMap before 6.40, when domino-enum-passwords.idpath is set, allows remote servers to upload "arbitrarily named" files via a crafted FullName parameter in a response, as demonstrated using directory traversal sequences.. EPSS estimates a 7.22% chance of exploitation in the next 30 days.

Description

The http-domino-enum-passwords.nse script in NMap before 6.40, when domino-enum-passwords.idpath is set, allows remote servers to upload "arbitrarily named" files via a crafted FullName parameter in a response, as demonstrated using directory traversal sequences.

Metrics

EPSS Probability

7.22%

93.5th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions	Update
Nmap	Nmap	<= 6.25	—
Nmap	Nmap	2.1	Beta1
Nmap	Nmap	2.2	Beta2
Nmap	Nmap	2.3	Beta10
Nmap	Nmap	2.05	—
Nmap	Nmap	2.06	—
Nmap	Nmap	2.07	—
Nmap	Nmap	2.08	—
Nmap	Nmap	2.09	—
Nmap	Nmap	2.10	—
Nmap	Nmap	2.11	—
Nmap	Nmap	2.12	—
Nmap	Nmap	2.50	—
Nmap	Nmap	2.51	—
Nmap	Nmap	2.52	—
Nmap	Nmap	2.53	—
Nmap	Nmap	2.54	Beta1
Nmap	Nmap	2.99	Rc1
Nmap	Nmap	3.00	—
Nmap	Nmap	3.10	Alpha1
Nmap	Nmap	3.15	Beta1
Nmap	Nmap	3.20	—
Nmap	Nmap	3.25	—
Nmap	Nmap	3.26	—
Nmap	Nmap	3.27	—
Nmap	Nmap	3.28	—
Nmap	Nmap	3.30	—
Nmap	Nmap	3.40	Pvt1
Nmap	Nmap	3.45	—
Nmap	Nmap	3.48	—
Nmap	Nmap	3.50	—
Nmap	Nmap	3.55	—
Nmap	Nmap	3.70	—
Nmap	Nmap	3.75	—
Nmap	Nmap	3.81	—
Nmap	Nmap	3.90	—
Nmap	Nmap	3.91	—
Nmap	Nmap	3.93	—
Nmap	Nmap	3.94	Alpha1
Nmap	Nmap	3.95	—
Nmap	Nmap	3.96	Beta1
Nmap	Nmap	3.98	Beta1
Nmap	Nmap	3.99	—
Nmap	Nmap	3.999	—
Nmap	Nmap	3.9999	—
Nmap	Nmap	4.00	—
Nmap	Nmap	4.01	—
Nmap	Nmap	4.02	Alpha1
Nmap	Nmap	4.03	—
Nmap	Nmap	4.04	Beta1

Showing 50 of 82 affected configurations. See NVD for the full list.

References

Timeline

Published: Oct 26, 2013
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2013-4885?

How severe is CVE-2013-4885?

Severity scoring for CVE-2013-4885 is pending analysis. The EPSS model estimates a 7.22% probability of exploitation in the next 30 days.

How do I fix CVE-2013-4885?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2013-4885?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST