Lucene search

[email protected]CVE-2005-1952

HistoryJun 16, 2005 - 4:00 a.m.

CVE-2005-1952

2005-06-1604:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-1952

pico server

pserv

directory traversal

remote attack

arbitrary files

arbitrary commands

incorrect directory depth count

8.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

75.4%

JSON

Directory traversal vulnerability in Pico Server (pServ) 3.3 allows remote attackers to read arbitrary files and execute arbitrary commands via a /./ (slash dot slash) before each … (dot dot) sequence in the URL, which results in an incorrect directory depth count.

CPENameOperatorVersion
pico_server:pico_serverpico servereq3.3

CPE	Name	Operator	Version
pico_server:pico_server	pico server	eq	3.3

References

marc.info/?l=bugtraq&m=111852830111316&w=2

secunia.com/advisories/15663

sourceforge.net/project/shownotes.php?group_id=59378&release_id=334036

8.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

75.4%

JSON

Related for CVE-2005-1952

cvelist1