Vulnerability Details CVE-2002-2403
Directory traversal vulnerability in KeyFocus web server 1.0.8 allows remote attackers to read arbitrary files for recognized MIME type files via "...", "....", ".....", and other multiple dot sequences.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.066
EPSS Ranking 90.9%
CVSS Severity
CVSS v2 Score 5.0
References
- http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0073.html
- http://securityreason.com/securityalert/3331
- http://www.iss.net/security_center/static/10622.php
- http://www.keyfocus.net/kfws/support/
- http://www.securityfocus.com/archive/1/299742
- http://www.securityfocus.com/bid/6180
- http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0073.html
- http://securityreason.com/securityalert/3331
- http://www.iss.net/security_center/static/10622.php
- http://www.keyfocus.net/kfws/support/
- http://www.securityfocus.com/archive/1/299742
- http://www.securityfocus.com/bid/6180
Products affected by CVE-2002-2403
-
cpe:2.3:a:key_focus:kf_web_server:1.0.8