Vulnerability Description
Peter Sandvik's Simple Web Server 0.5.1 and earlier allows remote attackers to bypass access restrictions for files via an HTTP request with a sequence of multiple / (slash) characters such as http://www.example.com///file/.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Peter Sandvik | Simple Web Server | <= 0.5.1 |
References
- http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0065.html
- http://marc.info/?l=bugtraq&m=103679016031857&w=2
- http://www.idefense.com/advisory/11.08.02a.txtExploitVendor Advisory
- http://www.securityfocus.com/bid/6145
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10563
- http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0065.html
- http://marc.info/?l=bugtraq&m=103679016031857&w=2
- http://www.idefense.com/advisory/11.08.02a.txtExploitVendor Advisory
- http://www.securityfocus.com/bid/6145
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10563
FAQ
What is CVE-2002-1238?
CVE-2002-1238 is a vulnerability with a CVSS score of 7.5 (HIGH). Peter Sandvik's Simple Web Server 0.5.1 and earlier allows remote attackers to bypass access restrictions for files via an HTTP request with a sequence of multiple / (slash) characters such as http://...
How severe is CVE-2002-1238?
CVE-2002-1238 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-1238?
Check the references section above for vendor advisories and patch information. Affected products include: Peter Sandvik Simple Web Server.