{"vuid":"VU#651994","idnumber":"651994","name":"SEDUM HTTP server permits directory traversal","keywords":["SEDUM","Guido Frassetto","../",".../","relative path"],"overview":"The SEDUM web server permits intruders to access files outside the web root.","clean_desc":"The SEDUM Web Server permits intruders to access files outside the web root using a GET request containing \"..\" (dot dot). This can expose files (including files with sensitive information) to exposure by unauthorized individuals.","impact":"Intruders can read files accessible to the SEDUM web server they should not be able to read .","resolution":"The CERT/CC is currently unaware of a practical solution to this problem.","workarounds":"","sysaffected":"","thanks":"Our thanks to  Joe Testa, who originally\n reported \nthis problem on BugTraq.","author":"This document was written by Shawn V. Hernan.","public":["http://www.securityfocus.com/bid/2335","http://xforce.iss.net/static/6063.php","http://www.securityfocus.com/archive/1/160452"],"cveids":["CVE-2001-0199"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2001-02-08T22:27:16Z","publicdate":"2001-02-04T00:00:00Z","datefirstpublished":"2001-05-16T03:15:32Z","dateupdated":"2001-06-26T02:52:42Z","revision":5,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"20","cam_exploitation":"0","cam_internetinfrastructure":"5","cam_population":"1","cam_impact":"8","cam_easeofexploitation":"20","cam_attackeraccessrequired":"20","cam_scorecurrent":"1.5","cam_scorecurrentwidelyknown":"1.5","cam_scorecurrentwidelyknownexploited":"2.7","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":1.5,"vulnote":null}