Vulnerabilities > CVE-2002-1864 - Unspecified vulnerability in SWS Simple web Server

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

sws

metasploit

NVD

Published: 2002-12-31

Updated: 2008-09-05

Summary

Directory traversal vulnerability in Simple Web Server (SWS) 0.0.4 through 0.1.0 allows remote attackers to read arbitrary files via a ".." (dot dot) in an HTTP request.

Vulnerable Configurations

Part	Description	Count
Application	Sws SWS SWS Simple WEB Server 0.0.3 SWS SWS Simple WEB Server 0.0.4 SWS SWS Simple WEB Server 0.1.0 SWS SWS Simple WEB Server 0.1.1	4

Metasploit

description	This module exploits a directory traversal vulnerability found in Simple Web Server 2.3-RC1.
id	MSF:AUXILIARY/SCANNER/HTTP/SIMPLE_WEBSERVER_TRAVERSAL
last seen	2020-06-01
modified	2019-03-05
published	2013-02-06
references	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1864 https://seclists.org/bugtraq/2013/Jan/12
reporter	Rapid7
source	https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/http/simple_webserver_traversal.rb
title	Simple Web Server 2.3-RC1 Directory Traversal

Summary

Vulnerable Configurations

Metasploit

References