CVE-2002-0307

Name of the Vulnerable Software and Affected Versions Avenger's News System (ANS) versions 2.11 and earlier

Description A directory traversal issue allows remote attackers to determine the existence of arbitrary files or execute any Perl program on the system. This is achieved by using a .. (dot dot) in the p parameter, which reads the target file and attempts to execute the line using Perl's eval() function.

Recommendations For Avenger's News System (ANS) versions 2.11 and earlier, as a temporary workaround, consider restricting access to the ans.pl script until a patch is available. Avoid using the p parameter in the affected script until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.