LocalWeb2000 2.10 Crafted Request File Disclosure

High Nessus Network Monitor Plugin ID 1508

Synopsis

The remote host is running LocalWeb2000.

Description

The remote host is running LocalWeb2000. Versions of this software up to and including 2.10 allow an attacker to read normally protected files by prepending a dot in front of their name.

Solution

The product is no longer supported by the vendor.

Plugin Details

Severity: High

ID: 1508

File Name: 1508.prm

Family: Web Servers

Published: 2004/08/18

Modified: 2016/01/15

Dependencies: 1442

Nessus ID: 11005

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Temporal Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:H/RL:U/RC:ND

CVSSv3

Base Score: 7.3

Temporal Score: 7.3

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:H/RL:U/RC:X

Reference Information

CVE: CVE-2001-0189, CVE-2002-0897

BID: 4820, 7947, 2268