Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-0938

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2001-0938
Last Modified 10 Sep 2008 03:09:17
Published 30 Nov 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-0938

Summary

Directory traversal vulnerability in AspUpload 2.1, in certain configurations, allows remote attackers to upload and read arbitrary files, and list arbitrary directories, via a .. (dot dot) in the Filename parameter in (1) UploadScript11.asp or (2) DirectoryListing.asp.

Vulnerable Systems

Application

  • Persits Aspupload 2.1


References

BUGTRAQ - 20011130 Aspupload installs exploitable scripts

BID - 3608

XF - aspupload-directory-browsing-download(7629)

XF - aspupload-upload-directory-traversal(7628)


Last Updated: 27 May 2016 10:36:27