CVE-2002-0196

{"id": "CVE-2002-0196", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2002-05-16T04:00:00.000", "references": [{"url": "http://online.securityfocus.com/archive/1/251699", "source": "cve@mitre.org"}, {"url": "http://sourceforge.net/forum/forum.php?forum_id=144966", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.iss.net/security_center/static/7981.php", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/3924", "source": "cve@mitre.org"}, {"url": "http://online.securityfocus.com/archive/1/251699", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://sourceforge.net/forum/forum.php?forum_id=144966", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.iss.net/security_center/static/7981.php", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/3924", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "GetRelativePath in ACD Incorporated CwpAPI 1.1 only verifies if the server root is somewhere within the path, which could allow remote attackers to read or write files outside of the web root, in other directories whose path includes the web root."}, {"lang": "es", "value": "GetRelativePath en ACD Incorporated CwAPI 1.1 solo verifica si la ra\u00edz del servidor est\u00e1 dentro de la ruta (path) lo que podr\u00eda permitir a atacantes remotos leer o escribir ficheros fuera de la ra\u00edz del web, en otros directorios cuya ruta incluye la ra\u00edz del web."}], "lastModified": "2024-11-20T23:38:31.500", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:acd_incorporated:cwpapi:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3FF5F0FC-785B-41DA-B640-62A52509E26F"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}