Lucene search

[email protected]CVE-2000-0412

HistoryJun 15, 2000 - 4:00 a.m.

CVE-2000-0412

2000-06-1504:00:00

[email protected]

web.nvd.nist.gov

gnapster

knapster

mp3

file exposure

cve-2000-0412

remote access

nvd.

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

High

0.042 Low

EPSS

Percentile

92.3%

JSON

The gnapster and knapster clients for Napster do not properly restrict access only to MP3 files, which allows remote attackers to read arbitrary files from the client by specifying the full pathname for the file.

Affected configurations

NVD

Node

napsterknapsterMatchnapster

CPENameOperatorVersion
napster:knapsternapster knapstereqnapster

CPE	Name	Operator	Version
napster:knapster	napster knapster	eq	napster

References

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:18-gnapster.adv

archives.neohapsis.com/archives/bugtraq/2000-05/0124.html

archives.neohapsis.com/archives/bugtraq/2000-05/0127.html

www.securityfocus.com/bid/1186

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

High

0.042 Low

EPSS

Percentile

92.3%

JSON

Related for CVE-2000-0412

nessus1 cvelist1 nvd1