CVE-2003-1172

Name of the Vulnerable Software and Affected Versions Apache Software Foundation Cocoon versions 2.1 through 2.2

Description The issue allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter. This is a directory traversal vulnerability in the view-source sample file.

Recommendations For Apache Software Foundation Cocoon versions 2.1 through 2.2, consider restricting access to the view-source sample file until a patch is available. Avoid using the filename parameter with untrusted input in the affected API endpoint until the issue is resolved.