Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-0555

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2001-0555
Last Modified 05 Sep 2008 04:24:23
Published 14 Aug 2001 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-0555

Summary

ScreamingMedia SITEWare versions 2.5 through 3.1 allows a remote attacker to read world-readable files via a .. (dot dot) attack through (1) the SITEWare Editor's Desktop or (2) the template parameter in SWEditServlet.

Vulnerable Systems

Application

  • Screaming Media Siteware 3.1


References

CERT-VN - VU#795707

CONFIRM - http://www01.screamingmedia.com/en/security/sms1001.php

XF - siteware-dot-file-retrieval(6689)

BID - 2869

OSVDB - 13887

BUGTRAQ - 20010613 ScreamingMedia SITEWare source code disclosure vulnerability

BUGTRAQ - 20010613 ScreamingMedia SITEWare arbitrary file retrieval vulnerability


Last Updated: 27 May 2016 10:36:18