PT-2004-3337 · Freedom Scientific · Jaws

Published

2004-12-31

Updated

2017-07-11

CVE-2004-2445

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Jaws version 0.3 BETA

Description: A directory traversal issue exists, allowing remote attackers to view arbitrary files by utilizing a .. (dot dot) in the gadget parameter of the index.php file.

Recommendations: For Jaws version 0.3 BETA, consider restricting access to the gadget parameter in the index.php file until a patch is available. As a temporary workaround, avoid using the gadget parameter with untrusted input to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2004-2445

Affected Products

Jaws

PT-2004-3337 · Freedom Scientific · Jaws

CVE-2004-2445

Related Identifiers

Affected Products

References · 7