CVE-2004-1496 : Directory traversal vulnerability in Web Forums Server 1.6 and 2.0 Power Pack allows remote attackers to read arbitrary

Directory traversal vulnerability in Web Forums Server 1.6 and 2.0 Power Pack allows remote attackers to read arbitrary files via a URL containing (1) "..\" (dot dot backslash), (2) "../" (dot dot slash), (3) "/%2E%2E%5C" (encoded dot dot backslash), or (4) "%2E%2E%2F" (encoded dot dot slash).

Published 2004-12-31 05:00:00

Updated 2016-10-18 02:55:09

Source MITRE

View at NVD, CVE.org

Vulnerability category: Directory traversal

Exploit prediction scoring system (EPSS) score for CVE-2004-1496

Probability of exploitation activity in the next 30 days: 0.29%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 66 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2004-1496

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

References for CVE-2004-1496

http://marc.info/?l=bugtraq&m=109943267328552&w=2

CVEs referencing this url

Products affected by CVE-2004-1496

Minihttpserver.net » Web Forums Server » Version: 1.6
cpe:2.3:a:minihttpserver.net:web_forums_server:1.6:*:*:*:*:*:*:*
Matching versions
Minihttpserver.net » Web Forums Server » Version: 2.0 Power Pack
cpe:2.3:a:minihttpserver.net:web_forums_server:2.0_power_pack:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2004-1496

Exploit prediction scoring system (EPSS) score for CVE-2004-1496

CVSS scores for CVE-2004-1496

References for CVE-2004-1496

Products affected by CVE-2004-1496