Vulnerability Description
Directory traversal vulnerability in SimpleServer:WWW 1.13 and earlier allows remote attackers to execute arbitrary programs via encoded ../ ("%2E%2E%2F%") sequences in a request to the cgi-bin/ directory, a different vulnerability than CVE-2000-0664.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Analogx | Simpleserver Www | <= 1.13 |
Related Weaknesses (CWE)
References
- http://seclists.org/bugtraq/2001/Jul/660Exploit
- http://www.analogx.com/contents/download/network/sswww.htm
- http://www.securiteam.com/windowsntfocus/5TP0B1P4UK.htmlExploit
- http://www.securityfocus.com/bid/3112Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56631
- http://seclists.org/bugtraq/2001/Jul/660Exploit
- http://www.analogx.com/contents/download/network/sswww.htm
- http://www.securiteam.com/windowsntfocus/5TP0B1P4UK.htmlExploit
- http://www.securityfocus.com/bid/3112Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56631
FAQ
What is CVE-2001-1586?
CVE-2001-1586 is a vulnerability with a CVSS score of 10.0 (HIGH). Directory traversal vulnerability in SimpleServer:WWW 1.13 and earlier allows remote attackers to execute arbitrary programs via encoded ../ ("%2E%2E%2F%") sequences in a request to the cgi-bin/ direc...
How severe is CVE-2001-1586?
CVE-2001-1586 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-1586?
Check the references section above for vendor advisories and patch information. Affected products include: Analogx Simpleserver Www.