CVE-2000-1075
published 2000-12-11CVE-2000-1075: Directory traversal vulnerability in iPlanet Certificate Management System 4.2 and Directory Server 4.12 allows remote attackers to read arbitrary files via a…
PriorityP429medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
6.02%
92.4th percentile
Directory traversal vulnerability in iPlanet Certificate Management System 4.2 and Directory Server 4.12 allows remote attackers to read arbitrary files via a .. (dot dot) attack in the Agent, End Entity, or Administrator services.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| netscape | directory_server | — | — |
| sun | iplanet_certificate_management_system | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
iPlanet Certificate Management System 4.2 - Directory Traversal
exploitdb·2000-10-25
CVE-2000-1075 iPlanet Certificate Management System 4.2 - Directory Traversal
iPlanet Certificate Management System 4.2 - Directory Traversal
---
source: https://www.securityfocus.com/bid/1839/info
Acquiring access to known files outside of the web root is possible through directory traversal techniques in both iPlanet Certificate Management System (CMS). This is made possible through the use of "\../" in a HTTP request. The following services are affected by this vulnerability:
- The Agent services server on port 8100/tcp
- The End Entity services server on port 443/tcp (Accessible through SSL)
- The Administrator services server on a random port configured during installation.
https://target/ca/\../\../\../\file.ext
Exploit-DB
Netscape Directory Server 4.12 - Directory Server Directory Traversal
exploitdb·2000-10-25
CVE-2000-1075 Netscape Directory Server 4.12 - Directory Server Directory Traversal
Netscape Directory Server 4.12 - Directory Server Directory Traversal
---
source: https://www.securityfocus.com/bid/1839/info
Acquiring access to known files outside of the web root is possible through directory traversal techniques in Netscape Directory Server. This is made possible through the use of "\../" in a HTTP request. The following services are affected by this vulnerability:
- The Agent services server on port 8100/tcp
- The End Entity services server on port 443/tcp (Accessible through SSL)
- The Administrator services server on a random port configured during installation.
https://target/ca/\../\../\../\file.ext
http://archives.neohapsis.com/archives/bugtraq/2000-10/0383.htmlhttp://www.iplanet.com/downloads/patches/0122.htmlhttp://www.osvdb.org/4086http://www.osvdb.org/486http://www.securityfocus.com/bid/1839https://exchange.xforce.ibmcloud.com/vulnerabilities/5421http://archives.neohapsis.com/archives/bugtraq/2000-10/0383.htmlhttp://www.iplanet.com/downloads/patches/0122.htmlhttp://www.osvdb.org/4086http://www.osvdb.org/486http://www.securityfocus.com/bid/1839https://exchange.xforce.ibmcloud.com/vulnerabilities/5421
2000-12-11
Published