CVE-2002-0300

Sažetak

gnujsp 1.0.0 and 1.0.1 allows remote attackers to list directories, read source code of certain scripts, and bypass access restrictions by directly requesting the target file from the gnujsp servlet, which does not work around a limitation of JServ and does not process the requested file.

Reference

http://marc.info/?l=bugtraq&m=101415804625292&w=2
http://marc.info/?l=bugtraq&m=101422432123898&w=2
http://www.debian.org/security/2002/dsa-114
http://www.iss.net/security_center/static/8240.php
http://www.securityfocus.com/bid/4125

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

18-10-2016 - 02:18

Objavljeno

31-05-2002 - 04:00