CVE
- Id
- 3368
- CVE No.
- CVE-2001-0555
- Status
- Candidate
- Description
- ScreamingMedia SITEWare versions 2.5 through 3.1 allows a remote attacker to read world-readable files via a .. (dot dot) attack through (1) the SITEWare Editor's Desktop or (2) the template parameter in SWEditServlet.
- Phase
- Modified (20050509)
- Votes
- ACCEPT(6) Armstrong, Cole, Foat, Prosser, Stracener, Ziese | MODIFY(1) Frech | NOOP(2) Christey, Wall
- Comments
- Christey> ********************************************************************* | Note that this candidate was inadvertently used in Microsoft bulletin | MS01-044, for an unrelated vulnerability. The ScreamingMedia | SITEware problem is the correct vulnerability for | CVE-2001-0555. A different candidate will be used for the problem | described in the Microsoft bulletin. | ********************************************************************* | Frech> XF:siteware-dot-file-retrieval(6689) | Prosser> http://www01.screamingmedia.com/en/security/sms1001.php | Christey> Consider adding BID:3191 | Christey> CHANGEREF CONFIRM:http://www01.screamingmedia.com/en/security/security_notice.php?doc=sms1001 | CERT-VN:VU#795707 | URL:http://www.kb.cert.org/vuls/id/795707 | BID:2869 | URL:http://www.securityfocus.com/bid/2869 | XF:siteware-dot-file-retrieval(6689) | URL:http://xforce.iss.net/static/6689.php | | *DON'T* add BID:3191 - that's for the Microsoft issue.