CVE-2002-0307 : Directory traversal vulnerability in ans.pl in Avenger's News System (ANS) 2.11 and earlier allows remote attackers to d

Directory traversal vulnerability in ans.pl in Avenger's News System (ANS) 2.11 and earlier allows remote attackers to determine the existence of arbitrary files or execute any Perl program on the system via a .. (dot dot) in the p parameter, which reads the target file and attempts to execute the line using Perl's eval function.

Published 2002-05-31 04:00:00

Updated 2016-10-18 02:18:50

Source MITRE

View at NVD, CVE.org

Vulnerability category: Directory traversal

Exploit prediction scoring system (EPSS) score for CVE-2002-0307

Probability of exploitation activity in the next 30 days: 4.65%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 92 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2002-0307

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2002-0307

Products affected by CVE-2002-0307

Avengers News System » Avengers News System » Version: 2.11
cpe:2.3:a:avengers_news_system:avengers_news_system:2.11:*:*:*:*:*:*:*
Matching versions
Avengers News System » Avengers News System » Version: 2.01
cpe:2.3:a:avengers_news_system:avengers_news_system:2.01:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2002-0307

Exploit prediction scoring system (EPSS) score for CVE-2002-0307

CVSS scores for CVE-2002-0307

References for CVE-2002-0307

Products affected by CVE-2002-0307