Vulnerability Details CVE-2004-0050
Verity Ultraseek before 5.2.2 allows remote attackers to obtain the full pathname of the document root via an MS-DOS device name in the web search option, such as (1) NUL, (2) CON, (3) AUX, (4) COM1, (5) COM2, and others.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 57.2%
CVSS Severity
CVSS v2 Score 5.0
References
- http://archives.neohapsis.com/archives/vulnwatch/2004-q2/0024.html
- http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020952.html
- http://marc.info/?l=bugtraq&m=108377388114888&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16066
- http://archives.neohapsis.com/archives/vulnwatch/2004-q2/0024.html
- http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020952.html
- http://marc.info/?l=bugtraq&m=108377388114888&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16066