Vulnerability Description
Directory traversal vulnerability in CommuniGate Pro 4.0b4 and possibly earlier versions allows remote attackers to list the contents of the WebUser directory and its parent directory via a (1) .. (dot dot) or (2) . (dot) in a URL. NOTE: it is not clear whether this issue reveals any more information regarding directory structure than is already available to any CommuniGate Pro user, although there is a possibility that it could be used to infer product version information.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Stalker | Communigate Pro | <= 4.0b4 |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/bugtraq/2002-07/0016.html
- http://www.iss.net/security_center/static/9463.php
- http://archives.neohapsis.com/archives/bugtraq/2002-07/0016.html
- http://www.iss.net/security_center/static/9463.php
FAQ
What is CVE-2002-2375?
CVE-2002-2375 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Directory traversal vulnerability in CommuniGate Pro 4.0b4 and possibly earlier versions allows remote attackers to list the contents of the WebUser directory and its parent directory via a (1) .. (do...
How severe is CVE-2002-2375?
CVE-2002-2375 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-2375?
Check the references section above for vendor advisories and patch information. Affected products include: Stalker Communigate Pro.