CVE-2002-0934 : Directory traversal vulnerability in Jon Hedley AlienForm2 (typically installed as af.cgi or alienform.cgi) allows remot

Directory traversal vulnerability in Jon Hedley AlienForm2 (typically installed as af.cgi or alienform.cgi) allows remote attackers to read or modify arbitrary files via an illegal character in the middle of a .. (dot dot) sequence in the parameters (1) _browser_out or (2) _out_file.

Published 2002-10-04 04:00:00

Updated 2008-09-05 20:29:20

Source MITRE

View at NVD, CVE.org

Vulnerability category: Directory traversal

Exploit prediction scoring system (EPSS) score for CVE-2002-0934

Probability of exploitation activity in the next 30 days: 0.34%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 68 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2002-0934

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.4	MEDIUM	AV:N/AC:L/Au:N/C:P/I:P/A:N	10.0	4.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: None

References for CVE-2002-0934

http://www.iss.net/security_center/static/9325.php

Vendor Advisory
http://archives.neohapsis.com/archives/bugtraq/2002-06/0068.html
http://www.securityfocus.com/bid/4983

Vendor Advisory

Products affected by CVE-2002-0934

Jon Hedley » Alienform2 » Version: 1.5
cpe:2.3:a:jon_hedley:alienform2:1.5:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2002-0934

Exploit prediction scoring system (EPSS) score for CVE-2002-0934

CVSS scores for CVE-2002-0934

References for CVE-2002-0934

Products affected by CVE-2002-0934