search menu icon-carat-right cmu-wordmark

CERT Coordination Center

SEDUM HTTP server permits directory traversal

Vulnerability Note VU#651994

Original Release Date: 2001-05-16 | Last Revised: 2001-06-26

Overview

The SEDUM web server permits intruders to access files outside the web root.

Description

The SEDUM Web Server permits intruders to access files outside the web root using a GET request containing ".." (dot dot). This can expose files (including files with sensitive information) to exposure by unauthorized individuals.

Impact

Intruders can read files accessible to the SEDUM web server they should not be able to read .

Solution

The CERT/CC is currently unaware of a practical solution to this problem.

Vendor Information

No information available at this time.


CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

References

Credit

Our thanks to Joe Testa, who originally reported this problem on BugTraq.

This document was written by Shawn V. Hernan.

Other Information

CVE IDs: CVE-2001-0199
Severity Metric: 1.50
Date Public: 2001-02-04
Date First Published: 2001-05-16
Date Last Updated: 2001-06-26 02:52 UTC
Document Revision: 5

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.