CVE-2001-1118

Sažetak

A module in Roxen 2.0 before 2.0.92, and 2.1 before 2.1.264, does not properly decode UTF-8, Mac and ISO-2202 encoded URLs, which could allow a remote attacker to execute arbitrary commands or view arbitrary files via an encoded URL.

Reference

http://download.roxen.com/2.0/patch/security-notice.html
http://www.securityfocus.com/archive/1/201476
http://www.securityfocus.com/archive/1/201499
http://www.securityfocus.com/bid/3145
https://exchange.xforce.ibmcloud.com/vulnerabilities/6937

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

10-10-2017 - 01:30

Objavljeno

02-08-2001 - 04:00