Lucene search

[email protected]CVE-2002-0464

HistoryAug 12, 2002 - 4:00 a.m.

CVE-2002-0464

2002-08-1204:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2002-0464

hosting controller

directory traversal

remote access

nvd

7.5 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.01 Low

EPSS

Percentile

83.4%

JSON

Directory traversal vulnerability in Hosting Controller 1.4.1 and earlier allows remote attackers to read and modify arbitrary files and directories via a … (dot dot) in arguments to (1) file_editor.asp, (2) folderactions.asp, or (3) editoractions.asp.

CPENameOperatorVersion
hosting_controller:hosting_controllerhosting controllereq1.4.1
hosting_controller:hosting_controllerhosting controllereq1.4

CPE	Name	Operator	Version
hosting_controller:hosting_controller	hosting controller	eq	1.4.1
hosting_controller:hosting_controller	hosting controller	eq	1.4

References

www.hostingcontroller.com/english/patches/ForAll/download/dot-slash.zip

www.securityfocus.com/archive/1/262734

www.securityfocus.com/bid/4311

7.5 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.01 Low

EPSS

Percentile

83.4%

JSON