Vulnerabilities > CVE-2001-0189 - Unspecified vulnerability in Intranet-Server Localweb2000 1.1

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
intranet-server
nessus
exploit available
NVD
Published: 2001-03-26
Updated: 2017-10-10

Summary

Directory traversal vulnerability in LocalWEB2000 HTTP server allows remote attackers to read arbitrary commands via a .. (dot dot) attack in an HTTP GET request.

Vulnerable Configurations

Part Description Count
Application
Intranet-Server
1

Exploit-Db

descriptionLocalWEB2000 1.1 Directory Traversal Vulnerability. CVE-2001-0189. Local exploit for windows platform
idEDB-ID:20585
last seen2016-02-02
modified2001-01-22
published2001-01-22
reporterSNS Research
sourcehttps://www.exploit-db.com/download/20585/
titlelocalweb2000 1.1 - Directory Traversal Vulnerability

Nessus

NASL familyWeb Servers
NASL idLOCALWEB2K.NASL
descriptionThe remote host is running LocalWeb2000. Version 2.1.0 of LocalWeb2000 allows an attacker to view protected files on the host
last seen2020-06-01
modified2020-06-02
plugin id11005
published2002-06-05
reporterThis script is Copyright (C) 2002-2016 Jason Lidow <[email protected]>
sourcehttps://www.tenable.com/plugins/nessus/11005
titleLocalWeb2000 2.1.0 Multiple Remote Vulnerabilities
code
# This script was created by Jason Lidow <[email protected]>
# The vulnerability was originally discovered by [email protected] 

# Changes by Tenable:
# - Revised plugin title, output formatting, family change (9/5/09)


include("compat.inc");

if(description)
{
	script_id(11005);
	script_version("1.26");
	script_cve_id("CVE-2001-0189", "CVE-2002-0897");
	script_bugtraq_id(2268, 4820, 7947);

	script_name(english:"LocalWeb2000 2.1.0 Multiple Remote Vulnerabilities");

 script_set_attribute(attribute:"synopsis", value:
"The remote host is vulnerable to several information disclosure flaws." );
 script_set_attribute(attribute:"description", value:
"The remote host is running LocalWeb2000. 

Version 2.1.0 of LocalWeb2000 allows an attacker to view protected 
files on the host's computer. 

It may also disclose the NetBIOS name of the remote host when
it receives malformed directory requests." );
 script_set_attribute(attribute:"solution", value:
"Contact http://www.intranet-server.co.uk for an update." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_set_attribute(attribute:"plugin_publication_date", value: "2002/06/05");
 script_set_attribute(attribute:"vuln_publication_date", value: "2001/01/19");
 script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();


	script_summary(english:"Checks for LocalWeb2000");
	script_category(ACT_GATHER_INFO);
	script_copyright(english:"This script is Copyright (C) 2002-2016 Jason Lidow <[email protected]>");
	script_family(english:"Web Servers");
	script_dependencie("http_version.nasl", "find_service1.nasl", "httpver.nasl", "no404.nasl");
	script_require_ports("Services/www", 80);
	exit(0);
}

include("http_func.inc");

port = get_http_port(default:80, embedded:TRUE);


if(!get_port_state(port))exit(0);


banner = get_http_banner(port:port);
  
  

if(banner)
{
	if(egrep(pattern:"^Server: .*LocalWEB2000.*" , string:banner, icase:TRUE))
	{
	security_hole(port);
	}
}

References