Lucene search

[email protected]CVE-2002-0446

HistoryJul 26, 2002 - 4:00 a.m.

CVE-2002-0446

2002-07-2604:00:00

[email protected]

web.nvd.nist.gov

btp

black tie project

categorie.php3

web server path exposure

remote attack

cve-2002-0446

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.1 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.6%

JSON

categorie.php3 in Black Tie Project (BTP) 0.4b through 0.5b allows remote attackers to determine the absolute path of the web server via an invalid category ID (cid) parameter, which leaks the pathname in an error message.

Affected configurations

NVD

Node

black_tie_projectblack_tie_projectMatch0.4b

black_tie_projectblack_tie_projectMatch0.5

black_tie_projectblack_tie_projectMatch0.5b

CPENameOperatorVersion
black_tie_project:black_tie_projectblack tie projecteq0.4b
black_tie_project:black_tie_projectblack tie projecteq0.5
black_tie_project:black_tie_projectblack tie projecteq0.5b

CPE	Name	Operator	Version
black_tie_project:black_tie_project	black tie project	eq	0.4b
black_tie_project:black_tie_project	black tie project	eq	0.5
black_tie_project:black_tie_project	black tie project	eq	0.5b

References

www.iss.net/security_center/static/8439.php

www.securityfocus.com/archive/1/261681

www.securityfocus.com/bid/4275

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.1 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.6%

JSON

Related for CVE-2002-0446

cvelist1 nvd1