Vulnerability Description
GetRelativePath in ACD Incorporated CwpAPI 1.1 only verifies if the server root is somewhere within the path, which could allow remote attackers to read or write files outside of the web root, in other directories whose path includes the web root.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Acd Incorporated | Cwpapi | 1.1 |
References
- http://online.securityfocus.com/archive/1/251699
- http://sourceforge.net/forum/forum.php?forum_id=144966Patch
- http://www.iss.net/security_center/static/7981.phpPatchVendor Advisory
- http://www.securityfocus.com/bid/3924
- http://online.securityfocus.com/archive/1/251699
- http://sourceforge.net/forum/forum.php?forum_id=144966Patch
- http://www.iss.net/security_center/static/7981.phpPatchVendor Advisory
- http://www.securityfocus.com/bid/3924
FAQ
What is CVE-2002-0196?
CVE-2002-0196 is a vulnerability with a CVSS score of 6.4 (MEDIUM). GetRelativePath in ACD Incorporated CwpAPI 1.1 only verifies if the server root is somewhere within the path, which could allow remote attackers to read or write files outside of the web root, in othe...
How severe is CVE-2002-0196?
CVE-2002-0196 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0196?
Check the references section above for vendor advisories and patch information. Affected products include: Acd Incorporated Cwpapi.