Lucene search

MitreCVE-2001-1586

HistoryFeb 12, 2010 - 9:30 p.m.

CVE-2001-1586

2010-02-1221:30:00

CWE-22

mitre

web.nvd.nist.gov

cve-2001-1586

simpleserver:www 1.13

vulnerability

remote attack

cgi-bin

directory traversal

nvd.

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.5

Confidence

Low

EPSS

0.023

Percentile

89.7%

JSON

Directory traversal vulnerability in SimpleServer:WWW 1.13 and earlier allows remote attackers to execute arbitrary programs via encoded …/ (“%2E%2E%2F%”) sequences in a request to the cgi-bin/ directory, a different vulnerability than CVE-2000-0664.

Affected configurations

Nvd

Node

analogxsimpleserver_wwwRange≤1.13

analogxsimpleserver_wwwMatch1.0.8

analogxsimpleserver_wwwMatch1.01

analogxsimpleserver_wwwMatch1.03

analogxsimpleserver_wwwMatch1.04

analogxsimpleserver_wwwMatch1.05

analogxsimpleserver_wwwMatch1.06

VendorProductVersionCPE
analogxsimpleserver_www*cpe:2.3:a:analogx:simpleserver_www:*:*:*:*:*:*:*:*
analogxsimpleserver_www1.0.8cpe:2.3:a:analogx:simpleserver_www:1.0.8:*:*:*:*:*:*:*
analogxsimpleserver_www1.01cpe:2.3:a:analogx:simpleserver_www:1.01:*:*:*:*:*:*:*
analogxsimpleserver_www1.03cpe:2.3:a:analogx:simpleserver_www:1.03:*:*:*:*:*:*:*
analogxsimpleserver_www1.04cpe:2.3:a:analogx:simpleserver_www:1.04:*:*:*:*:*:*:*
analogxsimpleserver_www1.05cpe:2.3:a:analogx:simpleserver_www:1.05:*:*:*:*:*:*:*
analogxsimpleserver_www1.06cpe:2.3:a:analogx:simpleserver_www:1.06:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
analogx	simpleserver_www	*	cpe:2.3:a:analogx:simpleserver_www::::::::
analogx	simpleserver_www	1.0.8	cpe:2.3:a:analogx:simpleserver_www:1.0.8:::::::*
analogx	simpleserver_www	1.01	cpe:2.3:a:analogx:simpleserver_www:1.01:::::::*
analogx	simpleserver_www	1.03	cpe:2.3:a:analogx:simpleserver_www:1.03:::::::*
analogx	simpleserver_www	1.04	cpe:2.3:a:analogx:simpleserver_www:1.04:::::::*
analogx	simpleserver_www	1.05	cpe:2.3:a:analogx:simpleserver_www:1.05:::::::*
analogx	simpleserver_www	1.06	cpe:2.3:a:analogx:simpleserver_www:1.06:::::::*

References

seclists.org/bugtraq/2001/Jul/660

www.analogx.com/contents/download/network/sswww.htm

www.securiteam.com/windowsntfocus/5TP0B1P4UK.html

www.securityfocus.com/bid/3112

exchange.xforce.ibmcloud.com/vulnerabilities/56631

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.5

Confidence

Low

EPSS

0.023

Percentile

89.7%

JSON

Related for CVE-2001-1586