Vulnerability Details CVE-2002-2403
Directory traversal vulnerability in KeyFocus web server 1.0.8 allows remote attackers to read arbitrary files for recognized MIME type files via "...", "....", ".....", and other multiple dot sequences.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.076
EPSS Ranking 91.4%
CVSS Severity
CVSS v2 Score 5.0
References
- http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0073.html
- http://securityreason.com/securityalert/3331
- http://www.iss.net/security_center/static/10622.php
- http://www.keyfocus.net/kfws/support/
- http://www.securityfocus.com/archive/1/299742
- http://www.securityfocus.com/bid/6180
- http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0073.html
- http://securityreason.com/securityalert/3331
- http://www.iss.net/security_center/static/10622.php
- http://www.keyfocus.net/kfws/support/
- http://www.securityfocus.com/archive/1/299742
- http://www.securityfocus.com/bid/6180
Products affected by CVE-2002-2403
-
cpe:2.3:a:key_focus:kf_web_server:1.0.8