CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2002-0524

ASP-Nuke RC2 and earlier allows remote attackers to determine the absolute path of the server by (1) calling database-inc.asp with incorrect cookies, or (2) calling Post.asp with certain arguments, which leak the pathname in an error message.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.023

EPSS Ranking 84.3%

CVSS Severity

CVSS v2 Score 5.0

References

http://online.securityfocus.com/archive/82/266705
http://www.asp-nuke.com/news.asp?date=20020412&cat=11
http://www.ifrance.com/kitetoua/tuto/ASPNuke.txt
http://www.iss.net/security_center/static/8833.php
http://www.securityfocus.com/bid/4489
http://online.securityfocus.com/archive/82/266705
http://www.asp-nuke.com/news.asp?date=20020412&cat=11
http://www.ifrance.com/kitetoua/tuto/ASPNuke.txt
http://www.iss.net/security_center/static/8833.php
http://www.securityfocus.com/bid/4489

Products affected by CVE-2002-0524

Asp-Nuke » Asp-Nuke » Version: rc1

cpe:2.3:a:asp-nuke:asp-nuke:rc1
Asp-Nuke » Asp-Nuke » Version: rc2

cpe:2.3:a:asp-nuke:asp-nuke:rc2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2002-0524

Products

Pricing

Contact Us