CVE-2001-0561
published 2001-08-14
Priority P337, high, 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 12.53% (95.7th percentile)
Directory traversal vulnerability in Drummond Miles A1Stats prior to 1.6 allows a remote attacker to read arbitrary files via a '..' (dot dot) attack in (1) a1disp2.cgi, (2) a1disp3.cgi, or (3) a1disp4.cgi.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| drummond_miles | a1stats | <= 1.6 | — |
| drummond_miles | a1stats | — | — |
No detection rules found.
Exploit-DB
Drummond Miles A1Stats 1.0 - 'a1disp4.cgi' Traversal Arbitrary File Read
exploitdb·2001-05-07
---
source: https://www.securityfocus.com/bid/2705/info
A1Stats is a CGI product by Drummond Miles used to report on a website's visitor traffic.
Versions of this product fail to properly validate user-supplied input submitted as querystrings to the A1Stats script.
An attacker can compose a long path including '/../' sequences, and submit it as a file request to the product's built-in webserver. 'dot dot' sequences will not be filtered from the path, permitting the attacker to specify files outside the directory tree normally available to users.
This can permit disclosure of confidential data and sensitive system files which, if properly exploited, could lead to further compromises of the host's security.
Additi
Exploit-DB
Drummond Miles A1Stats 1.0 - 'a1disp2.cgi' Traversal Arbitrary File Read
exploitdb·2001-05-07
Exploit-DB
Drummond Miles A1Stats 1.0 - 'a1disp3.cgi' Traversal Arbitrary File Read
exploitdb·2001-05-07
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/bugtraq/2001-05/0047.html
http://www.kb.cert.org/vuls/id/471691
http://www.securityfocus.com/bid/2705
https://exchange.xforce.ibmcloud.com/vulnerabilities/6503