Lucene search

[email protected]CVE-2002-1058

HistoryOct 04, 2002 - 4:00 a.m.

CVE-2002-1058

2002-10-0404:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

2002

1058

directory traversal

vulnerability

splashadmin.php

cobalt qube 3.0

local users

remote attackers

privileges

sessionid cookie

alternate session file

7.6 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.018 Low

EPSS

Percentile

88.1%

JSON

Directory traversal vulnerability in splashAdmin.php for Cobalt Qube 3.0 allows local users and remote attackers, to gain privileges as the Qube Admin via … (dot dot) sequences in the sessionId cookie that point to an alternate session file.

CPENameOperatorVersion
cobalt:qubecobalt qubeeq3.0

CPE	Name	Operator	Version
cobalt:qube	cobalt qube	eq	3.0

References

archives.neohapsis.com/archives/bugtraq/2002-07/0261.html

www.iss.net/security_center/static/9669.php

www.securityfocus.com/bid/5297

7.6 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.018 Low

EPSS

Percentile

88.1%

JSON