Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-1048

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2001-1048
Last Modified 05 Sep 2008 04:25:33
Published 02 Oct 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-1048

Summary

AWOL PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.

Vulnerable Systems

Application

  • Topher1kenobe Awol 1.0

  • Topher1kenobe Awol 1.0.1

  • Topher1kenobe Awol 1.2

  • Topher1kenobe Awol 1.2.1

  • Topher1kenobe Awol 2.0

  • Topher1kenobe Awol 2.01

  • Topher1kenobe Awol 2.1


References

CONFIRM - http://www.gospelcom.net/mnn/topher/awol/changelog.php

BUGTRAQ - 20011002 results of semi-automatic source code audit

BID - 3387

MISC - http://www.geocrawler.com/archives/3/14414/2001/9/0/6668723/

XF - php-includedir-code-execution(7215)


Last Updated: 27 May 2016 10:36:30