Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2000-0739

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2000-0739
Last Modified 05 Sep 2008 04:21:46
Published 20 Oct 2000 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2000-0739

Summary

Directory traversal vulnerability in strong.exe program in NAI Net Tools PKI server 1.0 before HotFix 3 allows remote attackers to read arbitrary files via a .. (dot dot) attack in an HTTPS request to the enrollment server.

Vulnerable Systems

Application

  • Network Associates Net Tools Pki Server 1.0

  • Network Associates Net Tools Pki Server 1.0hotfix1

  • Network Associates Net Tools Pki Server 1.0hotfix2


References

BID - 1537

CONFIRM - http://download.nai.com/products/licensed/pgp/hf3pki10.txt

BUGTRAQ - 20000802 NAI Net Tools PKI Server vulnerabilities

XF - nettools-pki-dir-traverse(5066)

OSVDB - 1489


Last Updated: 27 May 2016 10:35:51