CVE-2002-1837
First published: Tue Dec 31 2002(Updated: )
The getAlbumToDisplay function in idsShared.pm for Image Display System (IDS) 0.81 allows remote attackers to determine the existence of arbitrary directories via ".." sequences in the album parameter, which generates different error messages depending on whether the directory exists or not.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IDS | =0.8.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2002-1837?
CVE-2002-1837 is considered a medium severity vulnerability due to directory traversal concerns.
How do I fix CVE-2002-1837?
To fix CVE-2002-1837, you should sanitize the 'album' parameter input to prevent directory traversal.
What are the potential impacts of CVE-2002-1837?
The potential impacts of CVE-2002-1837 include unauthorized access to sensitive directory information.
Who is affected by CVE-2002-1837?
CVE-2002-1837 affects users of Image Display System (IDS) version 0.81.
What is the nature of the vulnerability in CVE-2002-1837?
CVE-2002-1837 allows remote attackers to exploit directory traversal to determine the existence of arbitrary directories.
- agent/references
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/softwarecombine
- vendor/ids
- canonical/ids
- version/ids/0.8.1