Vulnerability Name:

CVE-2001-0805 (CCN-6723)

Assigned:2001-06-18
Published:2001-06-18
Updated:2017-10-10
Summary:Directory traversal vulnerability in ttawebtop.cgi in Tarantella Enterprise 3.00 and 3.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the pg parameter.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:File Manipulation
References:Source: CCN
Type: BugTraq Mailing List, Mon Jun 18 2001 - 12:18:08 CDT
SCO Tarantella Remote file read via ttawebtop.cgi

Source: CCN
Type: BugTraq Mailing List, Tue Jun 19 2001 - 09:09:35 CDT
Re: SCO Tarantella Remote file read via ttawebtop.cgi

Source: CCN
Type: BugTraq Mailing List, Thu Jan 24 2002 - 01:33:02 CST
ISSTW Security Advisory Tarantella Enterprise 3.11.903 Directory Index Disclosure Vulnerability

Source: CCN
Type: BugTraq Mailing List, Fri Jan 25 2002 - 08:01:44 CST
Re: ISSTW Security Advisory Tarantella Enterprise 3.11.903 Directory Index Disclosure Vulnerability

Source: MITRE
Type: CNA
CVE-2001-0805

Source: MITRE
Type: CNA
CVE-2002-0203

Source: CCN
Type: OSVDB ID: 575
Tarantella Enterprise ttawebtop.cgi pg Parameter Traversal Arbitrary File Access

Source: CCN
Type: OSVDB ID: 8737
Tarantella Server ttawebtop.cgi Arbitrary Directory Listing

Source: BUGTRAQ
Type: Exploit, Patch
20010619 Re: SCO Tarantella Remote file read via ttawebtop.cgi

Source: BUGTRAQ
Type: UNKNOWN
20010618 SCO Tarantella Remote file read via ttawebtop.cgi

Source: BID
Type: Exploit, Patch, Vendor Advisory
2890

Source: CCN
Type: BID-2890
Tarantella TTAWebTop.CGI Arbitrary File Viewing Vulnerability

Source: CCN
Type: Tarantella Web site
What's New in version 3.1

Source: CCN
Type: Tarantella Security Bulletin #03
ttawebtop.cgi exposes files and directories accessible through the web server

Source: XF
Type: UNKNOWN
tarantella-ttawebtop-read-files(6723)

Source: XF
Type: UNKNOWN
tarantella-ttawebtop-read-files(6723)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:tarantella:tarantella_enterprise:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:tarantella:tarantella_enterprise:3.01:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:tarantella:tarantella_enterprise:3.01:*:*:*:*:*:*:*
  • OR cpe:/a:tarantella:tarantella_enterprise:3.10:*:*:*:*:*:*:*
  • OR cpe:/a:tarantella:tarantella_enterprise:3.11:*:*:*:*:*:*:*
  • OR cpe:/a:tarantella:tarantella_enterprise:3.20:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    tarantella tarantella enterprise 3.0
    tarantella tarantella enterprise 3.01
    tarantella tarantella enterprise 3.01
    tarantella tarantella enterprise 3.10
    tarantella tarantella enterprise 3.11
    tarantella tarantella enterprise 3.20