CVE-2000-1092
Published 2001-01-09
Priority: P4 (25) | medium, 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 7.49% (93.7th percentile)
loadpage.cgi CGI program in EZshopper 3.0 and 2.0 allows remote attackers to list and read files in the EZshopper data directory by inserting a "/" in front of the target filename in the "file" parameter.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| alex_heiphetz_group | ezshopper | — | — |
| alex_heiphetz_group | ezshopper | — | — |
No detection rules found.
Exploit-DB
alex heiphetz Group eZshopper 2.0/3.0 - Directory Traversal
exploitdb·2000-12-13
CVE-2000-1092 alex heiphetz Group eZshopper 2.0/3.0 - Directory Traversal
---
source: https://www.securityfocus.com/bid/2109/info
It is possible for a remote user to gain read access to various files that reside within the EZShopper directory. By requesting a specially crafted URL utilizing the 'loadpage.cgi' application with a '/' appended, EZShopper will disclose the contents within the EZShopper directory. As a result, it is possible for an attacker to navigate into its subdirectories and view any file.
It is also reported that this same CGI application allows directory traversal sequences to be utilized to retrieve the contents of arbitrary Web server accessible files.
Successful exploitation of this vulnerability could lead to the disclosure of sensitive information and possibly assist in further a
Exploit-DB
IBM Websphere Application Server 3.0.2 Server Plugin - Denial of Service
exploitdb·2000-09-15
CVE-2000-0848 IBM Websphere Application Server 3.0.2 Server Plugin - Denial of Service
---
source: https://www.securityfocus.com/bid/1691/info
Large amounts of data (i.e. 1092+ characters) in the Host: request header may cause the web server process to fault on signal 11 (SIGSEGV) or signal 10 (SIGBUS).
GET /servletsnoop HTTP/1.0
Host: xxxxxxxxxxxxxxxxxxxxxxxx(1092+ characters)
resulted in the following IBMHTTPD log entry:
[Fri May 26 12:00:54 2000] [notice] child pid 11306 exit signal Segmentation Fault (11)
No writeups or analysis indexed.
2001-01-09
Published