Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1496

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2004-1496
Last Modified 05 Sep 2008 04:41:34
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-1496

Summary

Directory traversal vulnerability in Web Forums Server 1.6 and 2.0 Power Pack allows remote attackers to read arbitrary files via a URL containing (1) "..\" (dot dot backslash), (2) "../" (dot dot slash), (3) "/%2E%2E%5C" (encoded dot dot backslash), or (4) "%2E%2E%2F" (encoded dot dot slash).

Vulnerable Systems

Application

  • Minihttpserver.net Web Forums Server 1.6

  • Minihttpserver.net Web Forums Server 2.0 Power Pack


References

BUGTRAQ - 20041102 Multiple Vulnerabilities in Web Forums Server


Last Updated: 27 May 2016 10:39:04