Vulnerabilities > CVE-2001-0555 - Unspecified vulnerability in Screaming Media Siteware
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
ScreamingMedia SITEWare versions 2.5 through 3.1 allows a remote attacker to read world-readable files via a .. (dot dot) attack through (1) the SITEWare Editor's Desktop or (2) the template parameter in SWEditServlet.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | SiteWare 2.5/3.0/3.1 Editor Desktop Directory Traversal Vulnerability. CVE-2001-0555. Webapps exploit for java platform |
id | EDB-ID:20925 |
last seen | 2016-02-02 |
modified | 2001-06-13 |
published | 2001-06-13 |
reporter | Foundstone Labs |
source | https://www.exploit-db.com/download/20925/ |
title | SiteWare 2.5/3.0/3.1 Editor Desktop Directory Traversal Vulnerability |
References
- http://archives.neohapsis.com/archives/bugtraq/2001-06/0165.html
- http://archives.neohapsis.com/archives/bugtraq/2001-06/0166.html
- http://www.kb.cert.org/vuls/id/795707
- http://www.osvdb.org/13887
- http://www.securityfocus.com/bid/2869
- http://www01.screamingmedia.com/en/security/sms1001.php
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6689