CVE-2001-0253

Name of the Vulnerable Software and Affected Versions iWeb Hyperseek 2000

Description A directory traversal issue exists in the hsx.cgi program, allowing remote attackers to read arbitrary files and directories. This is achieved by using a .. (dot dot) attack in the show parameter of the API endpoint.

Recommendations For iWeb Hyperseek 2000, consider restricting access to the hsx.cgi program until a patch is available. As a temporary workaround, avoid using the show parameter in the affected API endpoint to minimize the risk of exploitation.