Vulnerabilities > CVE-2002-0215 - Path Disclosure vulnerability in Agora.CGI Debug Mode

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

steve-kneizys

exploit available

NVD

Published: 2002-05-16

Updated: 2008-09-11

Summary

Agora.cgi 3.2r through 4.0 while in debug mode allows remote attackers to determine the full pathname of the agora.cgi file by requesting a non-existent .html file, which leaks the pathname in an error message.

Vulnerable Configurations

Part	Description	Count
Application	Steve_Kneizys Steve Kneizys Agora.Cgi 3.2 Steve Kneizys Agora.Cgi 3.2A Steve Kneizys Agora.Cgi 3.2B Steve Kneizys Agora.Cgi 3.2C Steve Kneizys Agora.Cgi 3.2D Steve Kneizys Agora.Cgi 3.2E Steve Kneizys Agora.Cgi 3.2F Steve Kneizys Agora.Cgi 3.2G Steve Kneizys Agora.Cgi 3.2H Steve Kneizys Agora.Cgi 3.2I Steve Kneizys Agora.Cgi 3.2J Steve Kneizys Agora.Cgi 3.2Ja Steve Kneizys Agora.Cgi 3.2K Steve Kneizys Agora.Cgi 3.2L Steve Kneizys Agora.Cgi 3.2M Steve Kneizys Agora.Cgi 3.2N Steve Kneizys Agora.Cgi 3.2P Steve Kneizys Agora.Cgi 3.2Q Steve Kneizys Agora.Cgi 3.2R Steve Kneizys Agora.Cgi 3.3A Steve Kneizys Agora.Cgi 3.3B Steve Kneizys Agora.Cgi 3.3C Steve Kneizys Agora.Cgi 3.3D Steve Kneizys Agora.Cgi 3.3E Steve Kneizys Agora.Cgi 3.3F Steve Kneizys Agora.Cgi 3.3I Steve Kneizys Agora.Cgi 3.3J Steve Kneizys Agora.Cgi 4.0 Steve Kneizys Agora.Cgi 4.0A Steve Kneizys Agora.Cgi 4.0B Steve Kneizys Agora.Cgi 4.0C Steve Kneizys Agora.Cgi 4.0D Steve Kneizys Agora.Cgi 4.0E	33

Exploit-Db

description	Agora.CGI 3/4 Debug Mode Path Disclosure Vulnerability. CVE-2002-0215. Remote exploit for cgi platform
id	EDB-ID:21249
last seen	2016-02-02
modified	2002-01-28
published	2002-01-28
reporter	superpetz
source	https://www.exploit-db.com/download/21249/
title	Agora.CGI 3/4 Debug Mode Path Disclosure Vulnerability

Summary

Vulnerable Configurations

Exploit-Db

References