Lucene search

[email protected]CVE-2002-2403

HistoryNov 01, 2007 - 5:00 p.m.

CVE-2002-2403

2007-11-0117:00:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2002-2403

directory traversal

keyfocus web server

remote attackers

arbitrary files

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.2 High

AI Score

Confidence

Low

0.027 Low

EPSS

Percentile

90.5%

JSON

Directory traversal vulnerability in KeyFocus web server 1.0.8 allows remote attackers to read arbitrary files for recognized MIME type files via “…”, “…”, “…”, and other multiple dot sequences.

Affected configurations

NVD

Node

key_focuskf_web_serverMatch1.0.8

CPENameOperatorVersion
key_focus:kf_web_serverkey focus kf web servereq1.0.8

CPE	Name	Operator	Version
key_focus:kf_web_server	key focus kf web server	eq	1.0.8

References

archives.neohapsis.com/archives/vulnwatch/2002-q4/0073.html

securityreason.com/securityalert/3331

www.iss.net/security_center/static/10622.php

www.keyfocus.net/kfws/support/

www.securityfocus.com/archive/1/299742

www.securityfocus.com/bid/6180

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.2 High

AI Score

Confidence

Low

0.027 Low

EPSS

Percentile

90.5%

JSON

Related for CVE-2002-2403

cvelist1 nvd1