Vulnerability Name:
CVE-2003-0676 (CCN-12874)
Assigned:
2003-08-12
Published:
2003-08-12
Updated:
2016-10-18
Summary:
Directory traversal vulnerability in ViewLog for iPlanet Administration Server 5.1 (aka Sun ONE) allows remote attackers to read arbitrary files via "..%2f" (partially encoded dot dot) sequences.
CVSS v3 Severity:
5.3 Medium
(CCN CVSS v3.1 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
)
Exploitability Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope:
Scope (S):
Unchanged
Impact Metrics:
Confidentiality (C):
Low
Integrity (I):
None
Availibility (A):
None
CVSS v2 Severity:
5.0 Medium
(CVSS v2 Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
Partial
Integrity (I):
None
Availibility (A):
None
5.0 Medium
(CCN CVSS v2 Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Athentication (Au):
None
Impact Metrics:
Confidentiality (C):
Partial
Integrity (I):
None
Availibility (A):
None
Vulnerability Type:
CWE-Other
Vulnerability Consequences:
Obtain Information
References:
Source: MITRE
Type: CNA
CVE-2003-0676
Source: BUGTRAQ
Type: UNKNOWN
20030808 Directory Traversal in Sun iPlanet Administration Server 5.1
Source: CCN
Type: OSVDB ID: 2400
Sun iPlanet Administration Server ViewLog Arbitrary File Access
Source: CCN
Type: BID-8367
Sun One/IPlanet Administration Server Directory Traversal Vulnerability
Source: CCN
Type: Sun Microsystems Web site
Sun ONE Directory Server 5.2
Source: XF
Type: UNKNOWN
sunone-viewlog-directory-traversal(12874)
Vulnerable Configuration:
Configuration 1
:
cpe:/a:sun:iplanet_directory_server:5.0:*:*:*:*:*:*:*
OR
cpe:/a:sun:iplanet_directory_server:5.1:*:*:*:*:*:*:*
OR
cpe:/a:sun:iplanet_directory_server:5.1:sp1:*:*:*:*:*:*
OR
cpe:/a:sun:iplanet_directory_server:5.1:sp2:*:*:*:*:*:*
OR
cpe:/a:sun:one_directory_server:5.0:*:*:*:*:*:*:*
OR
cpe:/a:sun:one_directory_server:5.0:sp1:*:*:*:*:*:*
OR
cpe:/a:sun:one_directory_server:5.0_sp2:*:*:*:*:*:*:*
OR
cpe:/a:sun:one_directory_server:5.1:*:*:*:*:*:*:*
OR
cpe:/a:sun:one_directory_server:5.1:sp1:*:*:*:*:*:*
OR
cpe:/a:sun:one_directory_server:5.1:sp2:*:*:*:*:*:*
Configuration CCN 1
:
cpe:/a:sun:one_directory_server:5.1:*:*:*:*:*:*:*
OR
cpe:/a:sun:one_directory_server:4.16:*:*:*:*:*:*:*
OR
cpe:/a:sun:one_directory_server:4.16:sp1:*:*:*:*:*:*
OR
cpe:/a:sun:one_directory_server:5.0:*:*:*:*:*:*:*
OR
cpe:/a:sun:one_directory_server:5.0:sp1:*:*:*:*:*:*
OR
cpe:/a:sun:one_directory_server:5.1:sp1:*:*:*:*:*:*
OR
cpe:/a:sun:one_directory_server:5.1:sp2:*:*:*:*:*:*
OR
cpe:/a:sun:one_directory_server:5.1:sp3:*:*:*:*:*:*
OR
cpe:/a:sun:one_directory_server:5.1:sp3:x86:*:*:*:*:*
OR
cpe:/a:sun:one_directory_server:5.1:sp4:*:*:*:*:*:*
AND
cpe:/o:sun:solaris:8::sparc:*:*:*:*:*
OR
cpe:/o:ibm:aix:5.1:*:*:*:*:*:*:*
OR
cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*
OR
cpe:/o:sun:solaris:9::sparc:*:*:*:*:*
OR
cpe:/o:microsoft:windows_2000:-:sp3:*:*:advanced_server:*:*:*
Denotes that component is vulnerable
BACK
sun
iplanet directory server 5.0
sun
iplanet directory server 5.1
sun
iplanet directory server 5.1 sp1
sun
iplanet directory server 5.1 sp2
sun
one directory server 5.0
sun
one directory server 5.0 sp1
sun
one directory server 5.0_sp2
sun
one directory server 5.1
sun
one directory server 5.1 sp1
sun
one directory server 5.1 sp2
sun
one directory server 5.1
sun
one directory server 4.16
sun
one directory server 4.16 sp1
sun
one directory server 5.0
sun
one directory server 5.0 sp1
sun
one directory server 5.1 sp1
sun
one directory server 5.1 sp2
sun
one directory server 5.1 sp3
sun
one directory server 5.1 sp3
sun
one directory server 5.1 sp4
sun
solaris 8
ibm
aix 5.1
redhat
linux 7.2
sun
solaris 9
microsoft
windows 2000 - sp3
Denotes that component is vulnerable