Overview
The SEDUM web server permits intruders to access files outside the web root.
Description
The SEDUM Web Server permits intruders to access files outside the web root using a GET request containing ".." (dot dot). This can expose files, including files with sensitive information, to unauthorized individuals.
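The containment check whose absence produces this class of flaw, as an added example (not SEDUM code and not part of the original advisory). `WEB_ROOT` and `resolve_request_path` are assumed names, and the handling of percent-encoded and backslash forms goes beyond the plain ".." case the advisory describes.

```python
import posixpath
from urllib.parse import unquote

WEB_ROOT = "/srv/www"  # assumed document root for this example


def resolve_request_path(request_target, web_root=WEB_ROOT):
    """Map a GET request target to a path under web_root.

    Returns the normalized path, or None when the request would
    resolve outside the web root and must be refused.
    """
    # Keep only the path component; drop any query string or fragment.
    raw_path = request_target.split("?", 1)[0].split("#", 1)[0]
    # Decode percent-escapes first, so "%2e%2e" is seen as "..".
    decoded = unquote(raw_path)
    # Treat backslashes as separators so "..\" is handled like "../".
    decoded = decoded.replace("\\", "/")
    if "\x00" in decoded:
        return None
    root = posixpath.normpath(web_root)
    # Join to the root and collapse "." and ".." segments lexically.
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    # Compare against root plus a separator: a bare prefix test would
    # accept a sibling directory such as /srv/www-private.
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    # This check is lexical only. On a real filesystem, also resolve
    # symlinks (os.path.realpath) and repeat the comparison.
    return candidate


if __name__ == "__main__":
    # Constructed sample request targets, not taken from the advisory.
    for target in ("/index.html", "/docs/../index.html",
                   "/../../etc/passwd", "/%2e%2e/%2e%2e/etc/passwd"):
        print(f"{target!r:32} -> {resolve_request_path(target)}")
```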
Impact
Intruders can read files accessible to the SEDUM web server that they should not be able to read.
Solution
The CERT/CC is currently unaware of a practical solution to this problem.
Acknowledgements
Our thanks to Joe Testa, who originally reported this problem on BugTraq.
This document was written by Shawn V. Hernan.
Other Information
| CVE IDs: | CVE-2001-0199 |
| Severity Metric: | 1.50 |
| Date Public: | 2001-02-04 |
| Date First Published: | 2001-05-16 |
| Date Last Updated: | 2001-06-26 02:52 UTC |
| Document Revision: | 5 |