Vulnerability Name:

CVE-2002-0203 (CCN-6723)

Assigned:2001-06-18
Published:2001-06-18
Updated:2016-10-18
Summary:ttawebtop.cgi in Tarantella Enterprise 3.20 on SPARC Solaris and Linux, and 3.1x and 3.0x including 3.11.903, allows remote attackers to view directory contents via an empty pg parameter.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availability (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:File Manipulation
References:Source: CCN
Type: BugTraq Mailing List, Mon Jun 18 2001 - 12:18:08 CDT
SCO Tarantella Remote file read via ttawebtop.cgi

Source: CCN
Type: BugTraq Mailing List, Tue Jun 19 2001 - 09:09:35 CDT
Re: SCO Tarantella Remote file read via ttawebtop.cgi

Source: CCN
Type: BugTraq Mailing List, Thu Jan 24 2002 - 01:33:02 CST
ISSTW Security Advisory Tarantella Enterprise 3.11.903 Directory Index Disclosure Vulnerability

Source: CCN
Type: BugTraq Mailing List, Fri Jan 25 2002 - 08:01:44 CST
Re: ISSTW Security Advisory Tarantella Enterprise 3.11.903 Directory Index Disclosure Vulnerability

Source: MITRE
Type: CNA
CVE-2001-0805

Source: MITRE
Type: CNA
CVE-2002-0203

Source: BUGTRAQ
Type: UNKNOWN
20020124 ISSTW Security Advisory Tarantella Enterprise 3.11.903 Directory Index Disclosure Vulnerability

Source: CCN
Type: OSVDB ID: 575
Tarantella Enterprise ttawebtop.cgi pg Parameter Traversal Arbitrary File Access

Source: CCN
Type: OSVDB ID: 8737
Tarantella Server ttawebtop.cgi Arbitrary Directory Listing

Source: CCN
Type: BID-2890
Tarantella TTAWebTop.CGI Arbitrary File Viewing Vulnerability

Source: CCN
Type: Tarantella Web site
What's New in version 3.1

Source: CCN
Type: Tarantella Security Bulletin #03
ttawebtop.cgi exposes files and directories accessible through the web server

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.tarantella.com/security/bulletin-03.html

Source: XF
Type: UNKNOWN
tarantella-ttawebtop-read-files(6723)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:tarantella:tarantella_enterprise:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:tarantella:tarantella_enterprise:3.10:*:*:*:*:*:*:*
  • OR cpe:/a:tarantella:tarantella_enterprise:3.20:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:tarantella:tarantella_enterprise:3.01:*:*:*:*:*:*:*
  • OR cpe:/a:tarantella:tarantella_enterprise:3.10:*:*:*:*:*:*:*
  • OR cpe:/a:tarantella:tarantella_enterprise:3.11:*:*:*:*:*:*:*
  • OR cpe:/a:tarantella:tarantella_enterprise:3.20:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    tarantella tarantella enterprise 3.0
    tarantella tarantella enterprise 3.10
    tarantella tarantella enterprise 3.20
    tarantella tarantella enterprise 3.01
    tarantella tarantella enterprise 3.10
    tarantella tarantella enterprise 3.11
    tarantella tarantella enterprise 3.20