Lucene search

MitreCVE-2005-1952

HistoryJun 16, 2005 - 4:00 a.m.

CVE-2005-1952

2005-06-1604:00:00

mitre

web.nvd.nist.gov

cve-2005-1952

pico server

pserv

directory traversal

remote attack

arbitrary files

arbitrary commands

incorrect directory depth count

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.8

Confidence

Low

EPSS

0.005

Percentile

75.6%

JSON

Directory traversal vulnerability in Pico Server (pServ) 3.3 allows remote attackers to read arbitrary files and execute arbitrary commands via a /./ (slash dot slash) before each … (dot dot) sequence in the URL, which results in an incorrect directory depth count.

Affected configurations

Nvd

Node

pico_serverpico_serverMatch3.3

VendorProductVersionCPE
pico_serverpico_server3.3cpe:2.3:a:pico_server:pico_server:3.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
pico_server	pico_server	3.3	cpe:2.3:a:pico_server:pico_server:3.3:::::::*

References

marc.info/?l=bugtraq&m=111852830111316&w=2

secunia.com/advisories/15663

sourceforge.net/project/shownotes.php?group_id=59378&release_id=334036

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.8

Confidence

Low

EPSS

0.005

Percentile

75.6%

JSON

Related for CVE-2005-1952