Vulnerability Note VU#651994

SEDUM HTTP server permits directory traversal

Original Release date: 15 May 2001 | Last revised: 25 Jun 2001

Overview

The SEDUM web server permits intruders to access files outside the web root.

Description

The SEDUM Web Server permits intruders to access files outside the web root using a GET request containing ".." (dot dot). This can expose files (including files with sensitive information) to exposure by unauthorized individuals.

Impact

Intruders can read files accessible to the SEDUM web server they should not be able to read .

Solution

The CERT/CC is currently unaware of a practical solution to this problem.

Systems Affected (Learn More)

No information available. If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

Our thanks to Joe Testa, who originally reported this problem on BugTraq.

This document was written by Shawn V. Hernan.

Other Information

  • CVE IDs: CAN-2001-0199
  • Date Public: 04 Feb 2001
  • Date First Published: 15 May 2001
  • Date Last Updated: 25 Jun 2001
  • Severity Metric: 1.50
  • Document Revision: 5

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.