Vulnerability Description
BSCW groupware system 3.3 through 4.0.2 beta allows remote attackers to read or modify arbitrary files by uploading and extracting a tar file with a symlink into the data-bag space.
CVSS Score
6.4
MEDIUM
AV:N/AC:L/Au:N/C:P/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fraunhofer Fit | Bscw | <= 4.0.2_beta |
References
- http://archives.neohapsis.com/archives/bugtraq/2001-08/0328.htmlPatchVendor Advisory
- http://bscw.gmd.de/Bulletins/BSCW-SB-2001-08.extract.txtPatchVendor Advisory
- http://www.iss.net/security_center/static/7029.php
- http://www.kb.cert.org/vuls/id/465971US Government Resource
- http://www.securityfocus.com/bid/3227
- http://archives.neohapsis.com/archives/bugtraq/2001-08/0328.htmlPatchVendor Advisory
- http://bscw.gmd.de/Bulletins/BSCW-SB-2001-08.extract.txtPatchVendor Advisory
- http://www.iss.net/security_center/static/7029.php
- http://www.kb.cert.org/vuls/id/465971US Government Resource
- http://www.securityfocus.com/bid/3227
FAQ
What is CVE-2001-0973?
CVE-2001-0973 is a vulnerability with a CVSS score of 6.4 (MEDIUM). BSCW groupware system 3.3 through 4.0.2 beta allows remote attackers to read or modify arbitrary files by uploading and extracting a tar file with a symlink into the data-bag space.
How severe is CVE-2001-0973?
CVE-2001-0973 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-0973?
Check the references section above for vendor advisories and patch information. Affected products include: Fraunhofer Fit Bscw.