CVE-2002-1628

Directory traversal vulnerability in vote.cgi for Mike Spice Mike's Vote CGI before 1.3 allows remote attackers to write arbitrary files via .. (dot dot) sequences in the type parameter.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.kb.cert.org/vuls/id/250107	Patch US Government Resource
http://www.securityfocus.com/bid/3854	Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/7971
http://www.kb.cert.org/vuls/id/250107	Patch US Government Resource
http://www.securityfocus.com/bid/3854	Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/7971

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mike_spice:mikes_vote_cgi:1.0:::::::*
	cpe:2.3:a:mike_spice:mikes_vote_cgi:1.1:::::::*
	cpe:2.3:a:mike_spice:mikes_vote_cgi:1.2:::::::*

History

20 Nov 2024, 23:41

Type	Values Removed	Values Added
References	~~() http://www.kb.cert.org/vuls/id/250107 - Patch, US Government Resource~~	() http://www.kb.cert.org/vuls/id/250107 - Patch, US Government Resource
References	~~() http://www.securityfocus.com/bid/3854 - Patch~~	() http://www.securityfocus.com/bid/3854 - Patch
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/7971 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/7971 -

Information

Published : 2002-12-31 05:00

Updated : 2025-04-03 01:03

NVD link : CVE-2002-1628

Mitre link : CVE-2002-1628

CVE.ORG link : CVE-2002-1628

JSON object : View

Products Affected

mike_spice

mikes_vote_cgi

CWE

NVD-CWE-Other

{"id": "CVE-2002-1628", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2002-12-31T05:00:00.000", "references": [{"url": "http://www.kb.cert.org/vuls/id/250107", "tags": ["Patch", "US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/3854", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7971", "source": "cve@mitre.org"}, {"url": "http://www.kb.cert.org/vuls/id/250107", "tags": ["Patch", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/3854", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7971", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in vote.cgi for Mike Spice Mike's Vote CGI before 1.3 allows remote attackers to write arbitrary files via .. (dot dot) sequences in the type parameter."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mike_spice:mikes_vote_cgi:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18F2CBA4-5BE2-42EB-BDCB-B732CB1507EB"}, {"criteria": "cpe:2.3:a:mike_spice:mikes_vote_cgi:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D5A821F3-3E65-4913-8BBA-FED42FF8B654"}, {"criteria": "cpe:2.3:a:mike_spice:mikes_vote_cgi:1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3BB9056D-44CB-42B8-A929-99610C556372"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}