PT-2001-1980 · Oracle · Tarantella Enterprise
Published: 2001-12-06 · Updated: 2024-02-14
CVE-2001-0805
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Tarantella Enterprise versions 3.00 through 3.01
Description
A directory traversal issue exists, allowing remote attackers to read arbitrary files. This is achieved by including a .. (dot dot) in the pg parameter of the ttawebtop.cgi endpoint.
Recommendations
For versions 3.00 and 3.01, restrict access to the ttawebtop.cgi endpoint to minimize the risk of exploitation. Avoid using the pg parameter in the ttawebtop.cgi endpoint until the issue is resolved.
Affected Products
Tarantella Enterprise