Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
certCERTVU:795707
HistoryJun 22, 2001 - 12:00 a.m.

ScreamingMedia SITEware does not adequately validate user input thereby allowing arbitrary file disclosure via directory traversal

2001-06-2200:00:00
www.kb.cert.org
19

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.819

Percentile

98.4%

JSON

Overview

A vulnerability exists in ScreamingMedia’s SiteWare Editor’s Desktop that allows an intruder to read arbitrary files within the SiteWare web hierarchy.

Description

SiteWare Editor’s Desktop is a web-based administration tool for manipulating ScreamingMedia content on a SiteWare web server. While logged into into the SiteWare application, a malicious user can traverse the directory tree and request any file located within the SiteWare web root. For more information, please see the ScreamingMedia advisory.

Impact

An intruder can view information stored in the SiteWare web root directory, such as SiteWare access information. This could result an intruder gaining unauthorized access to the SiteWare application. Once the intruder has gained access to the SiteWare application, s/he could modify web content and/or disrupt web services. Note that this vulnerability does not expose any files out of the SiteWare web root directory.

Solution

Contact vendor for patches.

Vendor Information

795707

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

ScreamingMedia __ Affected

Notified: May 08, 2001 Updated: June 21, 2001

Status

Affected

Vendor Statement

Please see <http://www01.screamingmedia.com/en/security/sms1001.php&gt;

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23795707 Feedback>).

CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

This vulnerability was discovered by Mike Shema <mike.shema@foundstone> and was reported to the Bugtraq mailing list on June 13, 2001.

This document was written by Ian A. Finlay.

Other Information

CVE IDs: CVE-2001-0555
Severity Metric: 37.80 Date Public:

Related

exploitdb 1
cvelist 1
cve 1
nvd 1
exploitdb
exploitdb
SiteWare 2.5/3.0/3.1 Editor Desktop - Directory Traversal
2001-06-13 00:00:00
cvelist
cvelist
CVE-2001-0555
2001-07-27 04:00:00
cve
cve
CVE-2001-0555
2001-08-14 04:00:00
nvd
nvd
CVE-2001-0555
2001-08-14 04:00:00

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.819

Percentile

98.4%

JSON
Related for VU:795707
exploitdb1cvelist1cve1nvd1