CVE-2002-0921 : CGIScript.net csNews.cgi allows remote attackers to obtain potentially sensitive information, such as the full server pa

CGIScript.net csNews.cgi allows remote attackers to obtain potentially sensitive information, such as the full server pathname and other configuration settings, via the viewnews command with an invalid database, which leaks the information in error messages.

Published 2002-10-04 04:00:00

Updated 2008-09-05 20:29:18

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2002-0921

Probability of exploitation activity in the next 30 days: 0.94%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 81 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2002-0921

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

References for CVE-2002-0921

Products affected by CVE-2002-0921

Cgiscript.net » Csnews » Version: 1.0
cpe:2.3:a:cgiscript.net:csnews:1.0:*:*:*:*:*:*:*
Matching versions
Cgiscript.net » Csnews » Version: 1.0 Professional
cpe:2.3:a:cgiscript.net:csnews:1.0_professional:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2002-0921

Exploit prediction scoring system (EPSS) score for CVE-2002-0921

CVSS scores for CVE-2002-0921

References for CVE-2002-0921

Products affected by CVE-2002-0921