CVE-2002-0300

gnujsp 1.0.0 and 1.0.1 allows remote attackers to list directories, read source code of certain scripts, and bypass access restrictions by directly requesting the target file from the gnujsp servlet, which does not work around a limitation of JServ and does not process the requested file.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://marc.info/?l=bugtraq&m=101415804625292&w=2
http://marc.info/?l=bugtraq&m=101422432123898&w=2
http://www.debian.org/security/2002/dsa-114	Patch Vendor Advisory
http://www.iss.net/security_center/static/8240.php
http://www.securityfocus.com/bid/4125

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gnujsp:gnujsp:1.0.0:::::::*
	cpe:2.3:a:gnujsp:gnujsp:1.0.1:::::::*

History

No history.

Information

Published : 2002-05-31 04:00

Updated : 2016-10-18 02:18

NVD link : CVE-2002-0300

Mitre link : CVE-2002-0300

CVE.ORG link : CVE-2002-0300

JSON object : View

Products Affected

gnujsp

gnujsp

CWE

NVD-CWE-Other

{"id": "CVE-2002-0300", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2002-05-31T04:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=101415804625292&w=2", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=101422432123898&w=2", "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2002/dsa-114", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.iss.net/security_center/static/8240.php", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/4125", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "gnujsp 1.0.0 and 1.0.1 allows remote attackers to list directories, read source code of certain scripts, and bypass access restrictions by directly requesting the target file from the gnujsp servlet, which does not work around a limitation of JServ and does not process the requested file."}, {"lang": "es", "value": "gnujsp 1.0.0 y 1.0.1 permite a atacantes listar directorios, leer el c\u00f3digo fuente de ciertos scripts y sortear restricciones de acceso pidiendo el fichero objetivo directamente al servelet gnujsp, que no resuelve una limitaci\u00f3n de JServ y no procesa el fichero pedido."}], "lastModified": "2016-10-18T02:18:41.087", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gnujsp:gnujsp:1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9FF92000-DEC0-4F83-AB5F-A69747789D37"}, {"criteria": "cpe:2.3:a:gnujsp:gnujsp:1.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9ED722FC-4A0A-4407-8659-F1CB2BC063E2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}