CVE-2002-2403

Directory traversal vulnerability in KeyFocus web server 1.0.8 allows remote attackers to read arbitrary files for recognized MIME type files via "...", "....", ".....", and other multiple dot sequences.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/archive/1/299742	Exploit
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0073.html	Exploit
http://www.keyfocus.net/kfws/support/
http://www.securityfocus.com/bid/6180	Exploit
http://www.iss.net/security_center/static/10622.php
http://securityreason.com/securityalert/3331	Exploit

Configurations

Configuration 1 (hide)

cpe:2.3:a:key_focus:kf_web_server:1.0.8:*:*:*:*:*:*:*

Information

Published : 2002-12-30 21:00

Updated : 2008-09-05 13:33

NVD link : CVE-2002-2403

Mitre link : CVE-2002-2403

JSON object : View

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Products Affected

key_focus

kf_web_server

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/archive/1/299742", "name": "20021113 KeyFocus KF Web Server File Disclosure Vulnerability", "tags": ["Exploit"], "refsource": "BUGTRAQ"}, {"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0073.html", "name": "20021113 KeyFocus KF Web Server File Disclosure Vulnerability", "tags": ["Exploit"], "refsource": "VULNWATCH"}, {"url": "http://www.keyfocus.net/kfws/support/", "name": "http://www.keyfocus.net/kfws/support/", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/6180", "name": "6180", "tags": ["Exploit"], "refsource": "BID"}, {"url": "http://www.iss.net/security_center/static/10622.php", "name": "keyfocus-get-directory-traversal(10622)", "tags": [], "refsource": "XF"}, {"url": "http://securityreason.com/securityalert/3331", "name": "3331", "tags": ["Exploit"], "refsource": "SREASON"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Directory traversal vulnerability in KeyFocus web server 1.0.8 allows remote attackers to read arbitrary files for recognized MIME type files via \"...\", \"....\", \".....\", and other multiple dot sequences."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-22"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2002-2403", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2002-12-31T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:key_focus:kf_web_server:1.0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2008-09-05T20:33Z"}

5.0 /10