Lucene search

[email protected]CVE-2000-0176

HistoryFeb 29, 2000 - 5:00 a.m.

CVE-2000-0176

2000-02-2905:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2000-0176

vulnerabilities

serv-u 2.5d

infosec

nvd

remote attackers

pathname disclosure

7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

61.6%

JSON

The default configuration of Serv-U 2.5d and earlier allows remote attackers to determine the real pathname of the server by requesting a URL for a directory or file that does not exist.

CPENameOperatorVersion
cat_soft:serv-ucat soft serv-ueq2.4
cat_soft:serv-ucat soft serv-ueq2.5b
cat_soft:serv-ucat soft serv-ueq2.5c
cat_soft:serv-ucat soft serv-ueq2.5
cat_soft:serv-ucat soft serv-ueq2.5d
cat_soft:serv-ucat soft serv-ueq2.5a

CPE	Name	Operator	Version
cat_soft:serv-u	cat soft serv-u	eq	2.4
cat_soft:serv-u	cat soft serv-u	eq	2.5b
cat_soft:serv-u	cat soft serv-u	eq	2.5c
cat_soft:serv-u	cat soft serv-u	eq	2.5
cat_soft:serv-u	cat soft serv-u	eq	2.5d
cat_soft:serv-u	cat soft serv-u	eq	2.5a

References

archives.neohapsis.com/archives/bugtraq/2000-02/0417.html

www.securityfocus.com/bid/1016

7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

61.6%

JSON

Related for CVE-2000-0176

nessus1