Vulnerability Details CVE-2001-0557
T. Hauck Jana Webserver 1.46 and earlier allows a remote attacker to view arbitrary files via a '..' (dot dot) attack which is URL encoded (%2e%2e).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.127
EPSS Ranking 93.6%
CVSS Severity
CVSS v2 Score 5.0
References
- http://archives.neohapsis.com/archives/bugtraq/2001-05/0086.html
- http://www.kb.cert.org/vuls/id/132099
- http://www.securityfocus.com/bid/2703
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6513
- http://archives.neohapsis.com/archives/bugtraq/2001-05/0086.html
- http://www.kb.cert.org/vuls/id/132099
- http://www.securityfocus.com/bid/2703
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6513
Products affected by CVE-2001-0557
-
cpe:2.3:a:t._hauck:jana_web_server:*
-
cpe:2.3:a:t._hauck:jana_web_server:1.0j
-
cpe:2.3:a:t._hauck:jana_web_server:1.45
-
cpe:2.3:a:t._hauck:jana_web_server:2.0_beta_1