Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1080

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-1080
Last Modified 05 Sep 2008 04:29:43
Published 04 Oct 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-1080

Summary

The Administration console for Abyss Web Server 1.0.3 before Patch 2 allows remote attackers to gain privileges and modify server configuration via direct requests to CHL files such as (1) srvstatus.chl, (2) consport.chl, (3) general.chl, (4) srvparam.chl, and (5) advanced.chl.

Vulnerable Systems

Application

  • Aprelium Technologies Abyss Web Server 1.0

  • Aprelium Technologies Abyss Web Server 1.0.3


References

BID - 5548

XF - abyss-admin-console-access(9957)

BUGTRAQ - 20020822 Abyss 1.0.3 directory traversal and administration bugs

CONFIRM - http://www.aprelium.com/news/patch1033.html


Last Updated: 27 May 2016 10:37:11