CVE-2002-0196
First published: Thu May 16 2002(Updated: )
GetRelativePath in ACD Incorporated CwpAPI 1.1 only verifies if the server root is somewhere within the path, which could allow remote attackers to read or write files outside of the web root, in other directories whose path includes the web root.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| CwpAPI | =1.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2002-0196?
CVE-2002-0196 has been classified as a medium severity vulnerability.
How do I fix CVE-2002-0196?
To fix CVE-2002-0196, it is recommended to upgrade to a newer version of CwpAPI that addresses this vulnerability.
What type of attacks can CVE-2002-0196 facilitate?
CVE-2002-0196 can facilitate remote file read or write attacks outside the web root, allowing unauthorized access to sensitive files.
Which software is impacted by CVE-2002-0196?
CVE-2002-0196 affects ACD Incorporated CwpAPI version 1.1.
Is there a known exploit for CVE-2002-0196?
Yes, there are known exploits that take advantage of the vulnerability in CVE-2002-0196 to manipulate file paths.
- agent/references
- agent/type
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/author
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/acd incorporated
- canonical/cwpapi
- version/cwpapi/1.1