Vulnerability Description
iCon administrative web server for Critical Path inJoin Directory Server 4.0 allows authenticated inJoin administrators to read arbitrary files by specifying the target file in the LOG parameter.
CVSS Score
5.0
MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Critical Path | Injoin Directory Server | 4.0 |
References
- http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0068.htmlPatchVendor Advisory
- http://www.iss.net/security_center/static/9054.phpPatchVendor Advisory
- http://www.securityfocus.com/bid/4718ExploitPatchVendor Advisory
- http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0068.htmlPatchVendor Advisory
- http://www.iss.net/security_center/static/9054.phpPatchVendor Advisory
- http://www.securityfocus.com/bid/4718ExploitPatchVendor Advisory
FAQ
What is CVE-2002-0786?
CVE-2002-0786 is a vulnerability with a CVSS score of 5.0 (MEDIUM). iCon administrative web server for Critical Path inJoin Directory Server 4.0 allows authenticated inJoin administrators to read arbitrary files by specifying the target file in the LOG parameter.
How severe is CVE-2002-0786?
CVE-2002-0786 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0786?
Check the references section above for vendor advisories and patch information. Affected products include: Critical Path Injoin Directory Server.