CVE-2002-0300

high

Description

gnujsp 1.0.0 and 1.0.1 allows remote attackers to list directories, read source code of certain scripts, and bypass access restrictions by directly requesting the target file from the gnujsp servlet, which does not work around a limitation of JServ and does not process the requested file.

References

http://www.securityfocus.com/bid/4125

http://www.iss.net/security_center/static/8240.php

http://www.debian.org/security/2002/dsa-114

http://marc.info/?l=bugtraq&m=101422432123898&w=2

http://marc.info/?l=bugtraq&m=101415804625292&w=2

Details

Source: Mitre, NVD

Published: 2002-05-31

Updated: 2016-10-18

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High