CVE-2002-1837

Name of the Vulnerable Software and Affected Versions Image Display System (IDS) version 0.81

Description The issue allows remote attackers to determine the existence of arbitrary directories via ".." sequences in the album parameter. This is due to the getAlbumToDisplay function in idsShared.pm generating different error messages depending on whether the directory exists or not.

Recommendations For version 0.81, consider restricting access to the getAlbumToDisplay function until a patch is available. As a temporary workaround, avoid using the album parameter with ".." sequences in the affected API endpoint.