Lucene search

[email protected]CVE-2003-1172

HistoryDec 31, 2003 - 5:00 a.m.

CVE-2003-1172

2003-12-3105:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

apache

cocoon

directory traversal

vulnerability

cve-2003-1172

nvd

7.6 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

61.8%

JSON

Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a … (dot dot) in the filename parameter.

CPENameOperatorVersion
apache:cocoonapache cocooneq2.1.2
apache:cocoonapache cocooneq2.1
apache:cocoonapache cocooneq2.2

CPE	Name	Operator	Version
apache:cocoon	apache cocoon	eq	2.1.2
apache:cocoon	apache cocoon	eq	2.1
apache:cocoon	apache cocoon	eq	2.2

References

issues.apache.org/bugzilla/show_bug.cgi?id=23949

secunia.com/advisories/10064

securitytracker.com/id?1007993

www.osvdb.org/2749

www.securiteam.com/securitynews/6W00L0U8KC.html

www.securityfocus.com/bid/8883

exchange.xforce.ibmcloud.com/vulnerabilities/13499

7.6 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

61.8%

JSON

Related for CVE-2003-1172

cvelist1