Lucene search

[email protected]CVE-2000-1176

HistoryJan 09, 2001 - 5:00 a.m.

CVE-2000-1176

2001-01-0905:00:00

[email protected]

web.nvd.nist.gov

cve-2000-1176

yabb

search.pl

cgi script

directory traversal

remote access

arbitrary file read

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.6 Medium

AI Score

Confidence

Low

0.025 Low

EPSS

Percentile

90.2%

JSON

Directory traversal vulnerability in YaBB search.pl CGI script allows remote attackers to read arbitrary files via a … (dot dot) attack in the “catsearch” form field.

Affected configurations

NVD

Node

yabbyabbMatch2000-09-11

CPENameOperatorVersion
yabb:yabbyabbeq2000-09-11

CPE	Name	Operator	Version
yabb:yabb	yabb	eq	2000-09-11

References

archives.neohapsis.com/archives/bugtraq/2000-11/0110.html

www.securityfocus.com/bid/1921

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.6 Medium

AI Score

Confidence

Low

0.025 Low

EPSS

Percentile

90.2%

JSON

Related for CVE-2000-1176

cvelist1 nessus1 nvd1