1. CVE-Search
  2. CVE-2002-0196
ID CVE-2002-0196
Summary GetRelativePath in ACD Incorporated CwpAPI 1.1 only verifies if the server root is somewhere within the path, which could allow remote attackers to read or write files outside of the web root, in other directories whose path includes the web root.
References
Vulnerable Configurations
  • cpe:2.3:a:acd_incorporated:cwpapi:1.1:*:*:*:*:*:*:*
    cpe:2.3:a:acd_incorporated:cwpapi:1.1:*:*:*:*:*:*:*
CVSS
Base: 6.4 (as of 11-09-2008 - 00:00)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:N
refmap via4
bid 3924
bugtraq 20020122 (Repost) CwpApi : GetRelativePath() returns invalid paths (security advisory)
confirm http://sourceforge.net/forum/forum.php?forum_id=144966
xf cwpapi-getrelativepath-view-files(7981)
Last major update 11-09-2008 - 00:00
Published 16-05-2002 - 04:00
Last modified 11-09-2008 - 00:00
Back to Top