PT-2002-1274 · Oracle · Tarantella Enterprise
Published
2002-05-03
·
Updated
2024-02-14
·
CVE-2002-0203
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Tarantella Enterprise versions 3.0x through 3.20
Tarantella Enterprise version 3.11.903
Description
The issue allows remote attackers to view directory contents. This is achieved by providing an empty
pg parameter in the ttawebtop.cgi script.Recommendations
For Tarantella Enterprise versions 3.0x through 3.20, avoid using the
ttawebtop.cgi script with an empty pg parameter until a fix is available.
For Tarantella Enterprise version 3.11.903, consider restricting access to the ttawebtop.cgi script to minimize the risk of exploitation.Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Tarantella Enterprise