Lucene search

MitreCVE-2000-0176

HistoryMar 22, 2000 - 5:00 a.m.

CVE-2000-0176

2000-03-2205:00:00

mitre

web.nvd.nist.gov

cve-2000-0176

vulnerabilities

serv-u 2.5d

infosec

nvd

remote attackers

pathname disclosure

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.7

Confidence

High

EPSS

0.002

Percentile

62.0%

JSON

The default configuration of Serv-U 2.5d and earlier allows remote attackers to determine the real pathname of the server by requesting a URL for a directory or file that does not exist.

Affected configurations

Nvd

Node

cat_softserv-uMatch2.4

cat_softserv-uMatch2.5

cat_softserv-uMatch2.5a

cat_softserv-uMatch2.5b

cat_softserv-uMatch2.5c

cat_softserv-uMatch2.5d

VendorProductVersionCPE
cat_softserv-u2.4cpe:2.3:a:cat_soft:serv-u:2.4:*:*:*:*:*:*:*
cat_softserv-u2.5cpe:2.3:a:cat_soft:serv-u:2.5:*:*:*:*:*:*:*
cat_softserv-u2.5acpe:2.3:a:cat_soft:serv-u:2.5a:*:*:*:*:*:*:*
cat_softserv-u2.5bcpe:2.3:a:cat_soft:serv-u:2.5b:*:*:*:*:*:*:*
cat_softserv-u2.5ccpe:2.3:a:cat_soft:serv-u:2.5c:*:*:*:*:*:*:*
cat_softserv-u2.5dcpe:2.3:a:cat_soft:serv-u:2.5d:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cat_soft	serv-u	2.4	cpe:2.3:a:cat_soft:serv-u:2.4:::::::*
cat_soft	serv-u	2.5	cpe:2.3:a:cat_soft:serv-u:2.5:::::::*
cat_soft	serv-u	2.5a	cpe:2.3:a:cat_soft:serv-u:2.5a:::::::*
cat_soft	serv-u	2.5b	cpe:2.3:a:cat_soft:serv-u:2.5b:::::::*
cat_soft	serv-u	2.5c	cpe:2.3:a:cat_soft:serv-u:2.5c:::::::*
cat_soft	serv-u	2.5d	cpe:2.3:a:cat_soft:serv-u:2.5d:::::::*

References

archives.neohapsis.com/archives/bugtraq/2000-02/0417.html

www.securityfocus.com/bid/1016

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.7

Confidence

High

EPSS

0.002

Percentile

62.0%

JSON

Related for CVE-2000-0176