Lucene search

MitreCVE-2002-0196

HistoryJun 25, 2002 - 4:00 a.m.

CVE-2002-0196

2002-06-2504:00:00

mitre

web.nvd.nist.gov

cve-2002-0196

acd cwpapi 1.1

getrelativepath

server root

remote access

website security

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

AI Score

7.1

Confidence

Low

EPSS

0.004

Percentile

73.3%

JSON

GetRelativePath in ACD Incorporated CwpAPI 1.1 only verifies if the server root is somewhere within the path, which could allow remote attackers to read or write files outside of the web root, in other directories whose path includes the web root.

Affected configurations

Nvd

Node

acd_incorporatedcwpapiMatch1.1

VendorProductVersionCPE
acd_incorporatedcwpapi1.1cpe:2.3:a:acd_incorporated:cwpapi:1.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
acd_incorporated	cwpapi	1.1	cpe:2.3:a:acd_incorporated:cwpapi:1.1:::::::*

References

online.securityfocus.com/archive/1/251699

sourceforge.net/forum/forum.php?forum_id=144966

www.iss.net/security_center/static/7981.php

www.securityfocus.com/bid/3924

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

AI Score

7.1

Confidence

Low

EPSS

0.004

Percentile

73.3%

JSON

Related for CVE-2002-0196