{"vuid":"VU#146704","idnumber":"146704","name":"Hyperseek 2000 hsx.cgi does not adequately filter user input disclosing directory listings and file contents","keywords":["Hyperseek 2000","hsx.cgi"],"overview":"iWeb Systems Hyperseek search engine may allow malformed URL requests to access files outside the document root of a vulnerable system.","clean_desc":"A specially crafted URL can disclose the directory listing and files of the target system with read permissions.","impact":"Remote attackers may be able to disclose directory listings and files of the target system with read permissions.","resolution":"Contact the vendor to obtain a patch.","workarounds":"","sysaffected":"","thanks":"Mc GaN <vipersv@mail.ru>, has been publicly credited for discovering this vulnerability.","author":"This document was written by Ian A. Finlay.","public":["http://www.securityfocus.com/bid/2314","   http://www.hyperseek.com/hyperseek/"],"cveids":["CVE-2001-0253"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2001-01-30T00:44:03Z","publicdate":"2001-01-28T00:00:00Z","datefirstpublished":"2003-02-14T20:41:59Z","dateupdated":"2003-02-14T20:47:24Z","revision":18,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"10","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"15","cam_impact":"8","cam_easeofexploitation":"10","cam_attackeraccessrequired":"20","cam_scorecurrent":"4.5","cam_scorecurrentwidelyknown":"9","cam_scorecurrentwidelyknownexploited":"18","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":4.5,"vulnote":null}