CERTVU:651994SEDUM HTTP server permits directory traversal
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS
Percentile
90.7%
Overview
The SEDUM web server permits intruders to access files outside the web root.
Description
The SEDUM Web Server permits intruders to access files outside the web root using a GET request containing “…” (dot dot). This can expose files (including files with sensitive information) to exposure by unauthorized individuals.
Impact
Intruders can read files accessible to the SEDUM web server they should not be able to read .
Solution
The CERT/CC is currently unaware of a practical solution to this problem.
Vendor Information
Javascript is disabled. Click here to view vendors.
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
- <http://www.securityfocus.com/bid/2335>
- <http://xforce.iss.net/static/6063.php>
- <http://www.securityfocus.com/archive/1/160452>
Acknowledgements
Our thanks to Joe Testa, who originally reported this problem on BugTraq.
This document was written by Shawn V. Hernan.
Other Information
| CVE IDs: | CVE-2001-0199 |
|---|---|
| Severity Metric: | 1.50 Date Public: |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS
Percentile
90.7%