Lucene search

MitreCVE-2002-2403

HistoryNov 01, 2007 - 5:00 p.m.

CVE-2002-2403

2007-11-0117:00:00

CWE-22

mitre

web.nvd.nist.gov

cve-2002-2403

directory traversal

keyfocus web server

remote attackers

arbitrary files

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

7.2

Confidence

Low

EPSS

0.025

Percentile

90.2%

JSON

Directory traversal vulnerability in KeyFocus web server 1.0.8 allows remote attackers to read arbitrary files for recognized MIME type files via “…”, “…”, “…”, and other multiple dot sequences.

Affected configurations

Nvd

Node

key_focuskf_web_serverMatch1.0.8

VendorProductVersionCPE
key_focuskf_web_server1.0.8cpe:2.3:a:key_focus:kf_web_server:1.0.8:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
key_focus	kf_web_server	1.0.8	cpe:2.3:a:key_focus:kf_web_server:1.0.8:::::::*

References

archives.neohapsis.com/archives/vulnwatch/2002-q4/0073.html

securityreason.com/securityalert/3331

www.iss.net/security_center/static/10622.php

www.keyfocus.net/kfws/support/

www.securityfocus.com/archive/1/299742

www.securityfocus.com/bid/6180

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

7.2

Confidence

Low

EPSS

0.025

Percentile

90.2%

JSON

Related for CVE-2002-2403