Vulnerability Description
db4web_c and db4web_c.exe programs in DB4Web 3.4 and 3.6 allow remote attackers to read arbitrary files via an HTTP request whose argument is a filename of the form (1) C: (drive letter), (2) //absolute/path (double-slash), or (3) .. (dot-dot).
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Db4Web | Db4Web | 3.4 |
References
- http://archives.neohapsis.com/archives/bugtraq/2002-09/0197.html (Vendor Advisory)
- http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0124.html (Vendor Advisory)
- http://www.db4web.de/download/homepage/hotfix/readme_en.txt
- http://www.iss.net/security_center/static/10123.php (Patch, Vendor Advisory)
- http://www.securityfocus.com/bid/5723
FAQ
What is CVE-2002-1483?
CVE-2002-1483 is a vulnerability with a CVSS score of 5.0 (MEDIUM). db4web_c and db4web_c.exe programs in DB4Web 3.4 and 3.6 allow remote attackers to read arbitrary files via an HTTP request whose argument is a filename of the form (1) C: (drive letter), (2) //absolu...
How severe is CVE-2002-1483?
CVE-2002-1483 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2002-1483?
Check the references section above for vendor advisories and patch information. Affected products include: Db4Web Db4Web.