Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0998

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2002-0998
Last Modified 05 Sep 2008 04:29:30
Published 04 Oct 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0998

Summary

Directory traversal vulnerability in cafenews.php for CARE 2002 before beta 1.0.02 allows remote attackers to read arbitrary files via .. (dot dot) sequences and null characters in the lang parameter, which is processed by a call to the include function.

Vulnerable Systems

Application

  • Care 2002 1.0

  • Care 2002 1.0.01


References

BID - 5218

XF - care2002-include-read-files(9552)

BUGTRAQ - 20020712 Several problems in CARE 2002

CONFIRM - http://www.care2x.com/modul.php?thispage=headlines&m_titel=NEWS&m_item=Headlines&lang=en


Last Updated: 27 May 2016 10:37:10