CVE-2005-2020 - Directory traversal vulnerability in the web server for 3Com Network Supervisor 5.0.2 allows remote

CVE-2005-2020

Summary

Directory traversal vulnerability in the web server for 3Com Network Supervisor 5.0.2 allows remote attackers to read arbitrary files via ".." sequences in the URL to TCP port 21700.

References

http://secunia.com/advisories/16639
http://securitytracker.com/id?1014836
http://www.idefense.com/application/poi/display?id=300&type=vulnerabilities&flashstatus=true
http://www.vupen.com/english/advisories/2005/1611

Vulnerable Configurations

cpe:2.3:a:3com:3c15100d:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:3com:3c15100d:5.0.2:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 08-03-2011 - 02:23)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

idefense	20050902 3Com Network Supervisor Directory Traversal Vulnerability
sectrack	1014836
secunia	16639
vupen	ADV-2005-1611

Last major update

08-03-2011 - 02:23

Published

08-09-2005 - 10:03

Last modified

08-03-2011 - 02:23