Lucene search

[email protected]CVE-2002-1058

HistoryOct 04, 2002 - 4:00 a.m.

CVE-2002-1058

2002-10-0404:00:00

[email protected]

web.nvd.nist.gov

cve

2002

1058

directory traversal

vulnerability

splashadmin.php

cobalt qube 3.0

local users

remote attackers

privileges

sessionid cookie

alternate session file

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.2 High

AI Score

Confidence

Low

0.018 Low

EPSS

Percentile

88.4%

JSON

Directory traversal vulnerability in splashAdmin.php for Cobalt Qube 3.0 allows local users and remote attackers, to gain privileges as the Qube Admin via … (dot dot) sequences in the sessionId cookie that point to an alternate session file.

Affected configurations

NVD

Node

cobaltqubeMatch3.0

CPENameOperatorVersion
cobalt:qubecobalt qubeeq3.0

CPE	Name	Operator	Version
cobalt:qube	cobalt qube	eq	3.0

References

archives.neohapsis.com/archives/bugtraq/2002-07/0261.html

www.iss.net/security_center/static/9669.php

www.securityfocus.com/bid/5297

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.2 High

AI Score

Confidence

Low

0.018 Low

EPSS

Percentile

88.4%

JSON

Related for CVE-2002-1058

cvelist1 nvd1