Vulnerabilities > CVE-2001-0224 - Path Disclosure vulnerability in Brightstation Muscat Empower 1.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Muscat Empower CGI program allows remote attackers to obtain the absolute pathname of the server via an invalid request in the DB parameter.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | Brightstation Muscat 1.0 Root Path Disclosure Vulnerability. CVE-2001-0224. Remote exploit for cgi platform |
| id | EDB-ID:20633 |
| last seen | 2016-02-02 |
| modified | 2001-02-12 |
| published | 2001-02-12 |
| reporter | cuctema |
| source | https://www.exploit-db.com/download/20633/ |
| title | Brightstation Muscat 1.0 Root Path Disclosure Vulnerability |
Nessus
| NASL family | CGI abuses |
| NASL id | EMPOWER_PATH.NASL |
| description | The remote host appears to be running Muscat Empower. It was possible to get the physical location of a virtual web directory by issuing the following command : GET /cgi-bin/empower?DB=whatever HTTP/1.0 A remote attacker could use this information to mount further attacks. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 10609 |
| published | 2001-02-13 |
| reporter | This script is Copyright (C) 2001-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/10609 |
| title | Muscat Empower CGI Malformed DB Parameter Path Disclosure |