Vulnerability Details CVE-2002-1837
The getAlbumToDisplay function in idsShared.pm for Image Display System (IDS) 0.81 allows remote attackers to determine the existence of arbitrary directories via ".." sequences in the album parameter, which generates different error messages depending on whether the directory exists or not.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.036
EPSS Ranking 87.1%
CVSS Severity
CVSS v2 Score 5.0
References
- http://ids.sourceforge.net/ChangeLog.html
- http://online.securityfocus.com/archive/1/274433
- http://www.iss.net/security_center/static/9201.php
- http://www.securityfocus.com/bid/4870
- http://ids.sourceforge.net/ChangeLog.html
- http://online.securityfocus.com/archive/1/274433
- http://www.iss.net/security_center/static/9201.php
- http://www.securityfocus.com/bid/4870