CVE-2002-1483

Published: Mar 18, 2003

Modified: Aug 8, 2024

PUBLISHED

Description

db4web_c and db4web_c.exe programs in DB4Web 3.4 and 3.6 allow remote attackers to read arbitrary files via an HTTP request whose argument is a filename of the form (1) C: (drive letter), (2) //absolute/path (double-slash), or (3) .. (dot-dot).

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

db4web-db4webc-directory-traversal(10123)

vdb-entry

x_refsource_XF

http://www.db4web.de/download/homepage/hotfix/readme_en.txt

x_refsource_CONFIRM

20020917 Advisory: File disclosure in DB4Web

mailing-list

x_refsource_BUGTRAQ

5723

vdb-entry

x_refsource_BID

20020919 Advisory: File disclosure in DB4Web

mailing-list

x_refsource_VULNWATCH

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2002-1483

Description

Affected Products

References