{"cve": [{"lastseen": "2021-02-02T05:19:04", "description": "Acme.Serve 1.7, as used in Cisco Secure ACS Unix and possibly other products, allows remote attackers to read arbitrary files by prepending several / (slash) characters to the URI.", "edition": 4, "cvss3": {}, "published": "2001-10-18T04:00:00", "title": "CVE-2001-0748", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2001-0748"], "modified": "2017-07-11T15:15:00", "cpe": ["cpe:/a:acme_labs:acme_server:1.7"], "id": "CVE-2001-0748", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-0748", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:acme_labs:acme_server:1.7:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:20:00", "bulletinFamily": "software", "cvelist": ["CVE-2001-0748"], "edition": 1, "description": "## Vulnerability Description\nACME Laboratories' Java class Acme.Serve.Serve contains a flaw that allows a remote attacker to traverse outside of the web path. The issue is due to the server not properly sanitizing user input, specifically crafted URI requests using multiple slashes (////). With such a request, an attacker can force the server to access arbitrary files or force a directory index listing.\n## Solution Description\nThe Acme.Serve.Serve embedded web server is used in a wide variety of products. 
Consult your vendor for mitigation information.\n\nUpgrade to version Cisco SecureACS for Unix 2.3.6.1 or higher, as it has been reported to fix this vulnerability.\n## Short Description\nACME Laboratories' Java class Acme.Serve.Serve contains a flaw that allows a remote attacker to traverse outside of the web path. The issue is due to the server not properly sanitizing user input, specifically crafted URI requests using multiple slashes (////). With such a request, an attacker can force the server to access arbitrary files or force a directory index listing.\n## Manual Testing Notes\nForced directory browsing:\nhttp://[target]:9090///\n\nDirect file access:\nhttp://[target]:9090//etc/shadow\n## References:\nVendor URL: http://www.acme.com/java/software/Acme.Serve.Serve.html\n[Vendor Specific Advisory URL](http://www.cisco.com/warp/public/707/acmeweb-acsunix-dirtravers-vuln-pub.shtml)\n[Secunia Advisory ID:25536](https://secuniaresearch.flexerasoftware.com/advisories/25536/)\nOther Advisory URL: http://www.cisco.com/warp/public/707/acmeweb-acsunix-dirtravers-vuln-pub.shtml\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2001-05/0314.html\nISS X-Force ID: 6634\n[CVE-2001-0748](https://vulners.com/cve/CVE-2001-0748)\nCIAC Advisory: m-097\nBugtraq ID: 2809\n", "modified": "2001-05-31T00:00:00", "published": "2001-05-31T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:5544", "id": "OSVDB:5544", "title": "Acme.Serve URI Slash Arbitrary File Access", "type": "osvdb", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "exploitdb": [{"lastseen": "2016-02-02T15:13:54", "description": "Acme.Serve v1.7 Arbitrary File Access Vulnerability. CVE-2001-0748. 
Remote exploits for multiple platform", "published": "2001-05-31T00:00:00", "type": "exploitdb", "title": "Acme.Serve 1.7 - Arbitrary File Access Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2001-0748"], "modified": "2001-05-31T00:00:00", "id": "EDB-ID:20894", "href": "https://www.exploit-db.com/exploits/20894/", "sourceData": "source: http://www.securityfocus.com/bid/2809/info\r\n\r\nAcme.Serve is a free, open-source, embeddable webserver written in Java. It is small, is intended to provide minimal functionality, and is fully compatible with JavaServer.\r\n\r\nAcme.Serve 1.7 comes with a webserver that listens on port 9090. This webserver allows clients to browse the filesystem. By default, this webserver is enabled and accessible by any remote host on the Internet.\r\n\r\nIf an attacker were to connect, they could view possibly sensitive information.\r\n\r\n\r\nhttp://potentialvictim:9090//etc/shadow to view '/etc/shadow'. ", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/20894/"}], "cisco": [{"lastseen": "2020-12-24T11:42:15", "bulletinFamily": "software", "cvelist": ["CVE-2001-0748"], "description": "", "modified": "2002-07-02T18:00:00", "published": "2002-07-02T18:00:00", "id": "CISCO-SA-20020702-ACSUNIX-ACMEWEB", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20020702-acsunix-acmeweb", "type": "cisco", "title": "Cisco Secure ACS Unix Acme.server Information Disclosure Vulnerability", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:22", "bulletinFamily": "software", "cvelist": ["CVE-2001-0748"], "description": "Synopsis: APC PowerChute Network Shutdown 2.21 is vulnerable to directory\r\ntransversal\r\n\r\n\r\nBackground: APC PowerChute Network Shutdown is used to perform graceful\r\nshutdowns of network servers from one main 
server.\r\n\r\n\r\nAffected Versions: <= 2.21 build 116\r\n\r\n\r\nDescription: APC PowerChute Network Shutdown is vulnerable to a directory\r\ntransversal by appending special characters such as %5c and %2e to the end\r\nof a URL. This is due to an existing vulnerability in Acme.Serve which is a\r\nJava HTTP server which PowerChute Network Shutdown is built on.\r\n\r\n\r\nVendor Notified April 9th 2007\r\nVendor Response April 10th 2007 \"A fix is being worked on for the next\r\nrelease.\"\r\n\r\nApril 25th 2007 Spoke to vendor again, no ETA.\r\n\r\nMay 3rd 2007 No ETA.\r\n\r\nJune 1st 2007 No ETA.\r\n\r\n\r\nReference: CVE-2001-0748\r\n\r\nhttp://xforce.iss.net/xforce/xfdb/6634\r\n\r\nhttp://www.securityfocus.com/bid/2809\r\n\r\nhttp://www.apc.com/products/family/index.cfm?id=127\r\n\r\nhttp://www.acme.com/java/software/Acme.Serve.Serve.html\r\n\r\n\r\nChris Castaldo\r\n\r\n\"An ounce of prevention is worth a pound of cure.\"", "edition": 1, "modified": "2007-06-03T00:00:00", "published": "2007-06-03T00:00:00", "id": "SECURITYVULNS:DOC:17171", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:17171", "title": "[Full-disclosure] APC PowerChute Network Shutdown 2.21 is vulnerable to directory transversal", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:09:15", "bulletinFamily": "software", "cvelist": ["CVE-2001-0748"], "description": "Using a full path, any file can be accessed with root privileges.", "edition": 1, "modified": "2001-06-02T00:00:00", "published": "2001-06-02T00:00:00", "id": "SECURITYVULNS:VULN:1228", "href": 
"https://vulners.com/securityvulns/SECURITYVULNS:VULN:1228", "title": "Remote access via Acme (remote unauthorized access)", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}]}