Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2001-0250 — Enterprise Server vulnerability

4 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

11.1%

top 6.51%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Netscape Enterprise Server

Timeline

PublishedJun 2

Latest updateApr 30

Description

The Web Publishing feature in Netscape Enterprise Server 4.x and earlier allows remote attackers to list arbitrary directories under the web server root via the INDEX command.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDnetscape/enterprise_server3.0, 4.0+1

Patches

Patch: archives.neohapsis.com ↗Patch: www.securityfocus.com ↗Patch: archives.neohapsis.com ↗

🔴Vulnerability Details

GHSA

GHSA-q65m-37h7-6wqv: The Web Publishing feature in Netscape Enterprise Server 4↗2022-04-30

▶

CVEList

CVE-2001-0250: The Web Publishing feature in Netscape Enterprise Server 4↗2001-04-04

▶

💥Exploits & PoCs

Exploit-DB

Netscape Enterprise Server 3.0/4.0 - 'Index' Disclosure↗2001-01-24

▶