LocalWeb2000 2.10 Crafted Request File Disclosure

high Nessus Network Monitor Plugin ID 1508

Synopsis

The remote host is running LocalWeb2000.

Description

The remote host is running LocalWeb2000. Versions of this software up to and including 2.10 allow an attacker to read normally protected files by prepending a dot in front of their name.

Solution

The product is no longer supported by the vendor.

Plugin Details

Severity: High

ID: 1508

Family: Web Servers

Published: 8/18/2004

Updated: 3/6/2019

Nessus ID: 11005

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 7.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:H/RL:U/RC:X

Vulnerability Information

CPE: cpe:/a:intranet-server:localweb2000

Reference Information

CVE: CVE-2001-0189, CVE-2002-0897

BID: 4820, 7947, 2268