CVE-2002-0298 — Scriptease Webserver vulnerability
3 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
0.6%
top 31.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMay 31
Latest updateApr 30
Description
ScriptEase MiniWeb Server 0.95 allows remote attackers to cause a denial of service (crash) via certain HTTP GET requests containing (1) a %2e%2e (encoded dot-dot), (2) several /../ (dot dot) sequences, (3) a missing URI, or (4) several ../ in a URI that does not begin with a / (slash) character.
CVSS vector
AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9