ID CVE-2003-0338
Summary Directory traversal vulnerability in WsMp3 daemon (WsMp3d) 0.0.10 and earlier allows remote attackers to read and execute arbitrary files via .. (dot dot) sequences in HTTP GET or POST requests.
References
Vulnerable Configurations
  • cpe:2.3:a:wsmp3:wsmp3_daemon:0.0.10
    cpe:2.3:a:wsmp3:wsmp3_daemon:0.0.10
  • cpe:2.3:a:wsmp3:wsmp3_daemon:0.0.8
    cpe:2.3:a:wsmp3:wsmp3_daemon:0.0.8
  • cpe:2.3:a:wsmp3:wsmp3_daemon:0.0.9
    cpe:2.3:a:wsmp3:wsmp3_daemon:0.0.9
  • cpe:2.3:a:wsmp3:wsmp3_web_server:0.0.1
    cpe:2.3:a:wsmp3:wsmp3_web_server:0.0.1
  • cpe:2.3:a:wsmp3:wsmp3_web_server:0.0.2
    cpe:2.3:a:wsmp3:wsmp3_web_server:0.0.2
  • cpe:2.3:a:wsmp3:wsmp3_web_server:0.0.3
    cpe:2.3:a:wsmp3:wsmp3_web_server:0.0.3
  • cpe:2.3:a:wsmp3:wsmp3_web_server:0.0.4
    cpe:2.3:a:wsmp3:wsmp3_web_server:0.0.4
  • cpe:2.3:a:wsmp3:wsmp3_web_server:0.0.5
    cpe:2.3:a:wsmp3:wsmp3_web_server:0.0.5
  • cpe:2.3:a:wsmp3:wsmp3_web_server:0.0.6
    cpe:2.3:a:wsmp3:wsmp3_web_server:0.0.6
  • cpe:2.3:a:wsmp3:wsmp3_web_server:0.0.7
    cpe:2.3:a:wsmp3:wsmp3_web_server:0.0.7
CVSS
Base: 5.0 (as of 25-05-2005 - 10:38)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
exploit-db via4
description WSMP3 0.0.x Remote Command Execution Vulnerability. CVE-2003-0338. Remote exploit for linux platform
id EDB-ID:22623
last seen 2016-02-02
modified 2003-05-21
published 2003-05-21
reporter dong-h0un U
source https://www.exploit-db.com/download/22623/
title WSMP3 0.0.x - Remote Command Execution Vulnerability
nessus via4
NASL family Web Servers
NASL id WSMP3D_CMD_EXEC.NASL
description The remote host is using wsmp3d, an MP3 streaming web server. There is a flaw in this server that allows anyone to execute arbitrary commands and read arbitrary files with the privileges this server is running with.
last seen 2019-02-21
modified 2018-11-15
plugin id 11645
published 2003-05-21
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=11645
title WsMp3 Daemon (WsMp3d) HTTP Traversal Arbitrary File Execution/Access
refmap via4
bugtraq 20030521 [INetCop Security Advisory] WsMP3d Directory Traversing Vulnerability
vulnwatch 20030521 [INetCop Security Advisory] WsMP3d Directory Traversing Vulnerability
Last major update 17-10-2016 - 22:32
Published 21-05-2003 - 00:00
Back to Top