Lucene search

[email protected]NVD:CVE-2002-0196

HistoryMay 16, 2002 - 4:00 a.m.

CVE-2002-0196

2002-05-1604:00:00

[email protected]

web.nvd.nist.gov

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

AI Score

6.7

Confidence

Low

EPSS

0.004

Percentile

73.3%

JSON

GetRelativePath in ACD Incorporated CwpAPI 1.1 only verifies if the server root is somewhere within the path, which could allow remote attackers to read or write files outside of the web root, in other directories whose path includes the web root.

Affected configurations

Nvd

Node

acd_incorporatedcwpapiMatch1.1

VendorProductVersionCPE
acd_incorporatedcwpapi1.1cpe:2.3:a:acd_incorporated:cwpapi:1.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
acd_incorporated	cwpapi	1.1	cpe:2.3:a:acd_incorporated:cwpapi:1.1:::::::*

References

online.securityfocus.com/archive/1/251699

sourceforge.net/forum/forum.php?forum_id=144966

www.iss.net/security_center/static/7981.php

www.securityfocus.com/bid/3924

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

AI Score

6.7

Confidence

Low

EPSS

0.004

Percentile

73.3%

JSON

Related for NVD:CVE-2002-0196

cvelist1 cve1