Vulnerability Description
CGIScript.net csPassword.cgi leaks sensitive information such as the pathname of the server in debug messages that are presented when the script fails, which allows remote attackers to obtain the information via a "remove" option in the command parameter, which generates an error.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cgiscript.Net | Cspassword | 1.0 |
References
- http://online.securityfocus.com/archive/1/274727
- http://www.iss.net/security_center/static/9221.phpPatchVendor Advisory
- http://www.securityfocus.com/bid/4887ExploitPatchVendor Advisory
- http://online.securityfocus.com/archive/1/274727
- http://www.iss.net/security_center/static/9221.phpPatchVendor Advisory
- http://www.securityfocus.com/bid/4887ExploitPatchVendor Advisory
FAQ
What is CVE-2002-0918?
CVE-2002-0918 is a vulnerability with a CVSS score of 5.0 (MEDIUM). CGIScript.net csPassword.cgi leaks sensitive information such as the pathname of the server in debug messages that are presented when the script fails, which allows remote attackers to obtain the info...
How severe is CVE-2002-0918?
CVE-2002-0918 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0918?
Check the references section above for vendor advisories and patch information. Affected products include: Cgiscript.Net Cspassword.