CVE-2001-0555

Published: Jul 27, 2001

Modified: Aug 8, 2024

PUBLISHED

Description

ScreamingMedia SITEWare versions 2.5 through 3.1 allows a remote attacker to read world-readable files via a .. (dot dot) attack through (1) the SITEWare Editor's Desktop or (2) the template parameter in SWEditServlet.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

VU#795707

third-party-advisory

x_refsource_CERT-VN

http://www01.screamingmedia.com/en/security/sms1001.php

x_refsource_CONFIRM

siteware-dot-file-retrieval(6689)

vdb-entry

x_refsource_XF

13887

vdb-entry

x_refsource_OSVDB

20010613 ScreamingMedia SITEWare source code disclosure vulnerability

mailing-list

x_refsource_BUGTRAQ

20010613 ScreamingMedia SITEWare arbitrary file retrieval vulnerability

mailing-list

x_refsource_BUGTRAQ

2869

vdb-entry

x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2001-0555

Description

Affected Products

References