Lucene search

K
cve[email protected]CVE-2001-1130
HistoryAug 02, 2001 - 4:00 a.m.

CVE-2001-1130

2001-08-0204:00:00
NVD-CWE-Other
web.nvd.nist.gov
27
suse linux
remote attack
arbitrary commands
cve-2001-1130
vulnerability
sdbsearch.cgi

7.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.047 Low

EPSS

Percentile

92.5%

Sdbsearch.cgi in SuSE Linux 6.0-7.2 could allow remote attackers to execute arbitrary commands by uploading a keylist.txt file that contains filenames with shell metacharacters, then causing the file to be searched using a … in the HTTP referer (from the HTTP_REFERER variable) to point to the directory that contains the keylist.txt file.

7.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.047 Low

EPSS

Percentile

92.5%

Related for CVE-2001-1130