Vulnerability Details CVE-2001-0748
Acme.Serve 1.7, as used in Cisco Secure ACS Unix and possibly other products, allows remote attackers to read arbitrary files by prepending several / (slash) characters to the URI.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.124
EPSS Ranking 93.5%
CVSS Severity
CVSS v2 Score 5.0
References
- http://www.cisco.com/warp/public/707/acmeweb-acsunix-dirtravers-vuln-pub.shtml
- http://www.iss.net/security_center/static/6634.php
- http://www.osvdb.org/5544
- http://www.securityfocus.com/archive/1/188141
- http://www.securityfocus.com/bid/2809
- http://www.cisco.com/warp/public/707/acmeweb-acsunix-dirtravers-vuln-pub.shtml
- http://www.iss.net/security_center/static/6634.php
- http://www.osvdb.org/5544
- http://www.securityfocus.com/archive/1/188141
- http://www.securityfocus.com/bid/2809
Products affected by CVE-2001-0748
-
cpe:2.3:a:acme_labs:acme_server:1.7