Summary
There is a vulnerability in the PHP Rocket Add-in for FrontPage that allows a remote attacker to view the contents of any arbitrary file to which the web user has access. This vulnerability exists because the PHP Rocket Add-in does not filter out ../ and is therefore susceptible to this directory traversal attack.
More Information: http://www.securityfocus.com/bid/3751
Severity
Classification
-
CVE CVE-2001-1204 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- AjaXplorer Remote Command Injection and Local File Disclosure Vulnerabilities
- Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
- Apache mod_proxy_ajp Information Disclosure Vulnerability
- Advanced Image Hosting Cross Site Scripting Vulnerability
- Allaire JRun directory browsing vulnerability