CVE-1999-1050

Опубликовано: 12 нояб. 1999

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

Directory traversal vulnerability in Matt Wright FormHandler.cgi script allows remote attackers to read arbitrary files via (1) a .. (dot dot) in the reply_message_attach attachment parameter, or (2) by specifying the filename as a template.

Ссылки

http://www.securityfocus.com/archive/1/34600
http://www.securityfocus.com/archive/1/34939
Exploit
Vendor Advisory
http://www.securityfocus.com/bid/798
Exploit
Vendor Advisory
http://www.securityfocus.com/bid/799
Exploit
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/3550
http://www.securityfocus.com/archive/1/34600
http://www.securityfocus.com/archive/1/34939
Exploit
Vendor Advisory
http://www.securityfocus.com/bid/798
Exploit
Vendor Advisory
http://www.securityfocus.com/bid/799
Exploit
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/3550

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:matt_wright:formhandler.cgi:1.0:*:*:*:*:*:*:*

cpe:2.3:a:matt_wright:formhandler.cgi:2.0:*:*:*:*:*:*:*

cpe:2.3:a:matt_wright:formhandler.cgi:3.0:*:*:*:*:*:*:*

EPSS

Процентиль: 89%

0.04819

Низкий

5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-rrx8-7p59-h436

github

больше 3 лет назад