Lucene search

[email protected]CVE-2002-2065

HistoryOct 03, 2022 - 4:23 p.m.

CVE-2002-2065

2022-10-0316:23:49

[email protected]

web.nvd.nist.gov

webcalendar

cve-2002-2065

information security

remote attackers

web root

arbitrary include files

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.1 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

65.0%

JSON

WebCalendar 0.9.34 and earlier with ‘browsing in includes directory’ enabled allows remote attackers to read arbitrary include files with .inc extensions from the web root.

Affected configurations

NVD

Node

webcalendarwebcalendarMatch0.9.31

webcalendarwebcalendarMatch0.9.32

webcalendarwebcalendarMatch0.9.33

webcalendarwebcalendarMatch0.9.34

CPENameOperatorVersion
webcalendar:webcalendarwebcalendareq0.9.31
webcalendar:webcalendarwebcalendareq0.9.32
webcalendar:webcalendarwebcalendareq0.9.33
webcalendar:webcalendarwebcalendareq0.9.34

CPE	Name	Operator	Version
webcalendar:webcalendar	webcalendar	eq	0.9.31
webcalendar:webcalendar	webcalendar	eq	0.9.32
webcalendar:webcalendar	webcalendar	eq	0.9.33
webcalendar:webcalendar	webcalendar	eq	0.9.34

References

sourceforge.net/project/shownotes.php?group_id=3870&release_id=93295

www.iss.net/security_center/static/9296.php

www.securityfocus.com/bid/4961

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.1 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

65.0%

JSON

Related for CVE-2002-2065

cvelist1 nvd1