Vulnerability CVE-2002-1837


Published: 2002-12-31   Modified: 2012-02-12

Description:
The getAlbumToDisplay function in idsShared.pm for Image Display System (IDS) 0.81 allows remote attackers to determine the existence of arbitrary directories via ".." sequences in the album parameter, which generates different error messages depending on whether the directory exists or not.

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
IDS -> IDS 

 References:
http://www.securityfocus.com/bid/4870
http://www.iss.net/security_center/static/9201.php
http://ids.sourceforge.net/ChangeLog.html

Copyright 2024, cxsecurity.com

 

Back to Top