FKIE_CVE-2002-0215
Vulnerability from fkie_nvd - Published: 2002-05-16 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Agora.cgi 3.2r through 4.0 while in debug mode allows remote attackers to determine the full pathname of the agora.cgi file by requesting a non-existent .html file, which leaks the pathname in an error message.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| steve_kneizys | agora.cgi | 3.2 | |
| steve_kneizys | agora.cgi | 3.2a | |
| steve_kneizys | agora.cgi | 3.2b | |
| steve_kneizys | agora.cgi | 3.2c | |
| steve_kneizys | agora.cgi | 3.2d | |
| steve_kneizys | agora.cgi | 3.2e | |
| steve_kneizys | agora.cgi | 3.2f | |
| steve_kneizys | agora.cgi | 3.2g | |
| steve_kneizys | agora.cgi | 3.2h | |
| steve_kneizys | agora.cgi | 3.2i | |
| steve_kneizys | agora.cgi | 3.2j | |
| steve_kneizys | agora.cgi | 3.2ja | |
| steve_kneizys | agora.cgi | 3.2k | |
| steve_kneizys | agora.cgi | 3.2l | |
| steve_kneizys | agora.cgi | 3.2m | |
| steve_kneizys | agora.cgi | 3.2n | |
| steve_kneizys | agora.cgi | 3.2p | |
| steve_kneizys | agora.cgi | 3.2q | |
| steve_kneizys | agora.cgi | 3.2r | |
| steve_kneizys | agora.cgi | 3.3a | |
| steve_kneizys | agora.cgi | 3.3b | |
| steve_kneizys | agora.cgi | 3.3c | |
| steve_kneizys | agora.cgi | 3.3d | |
| steve_kneizys | agora.cgi | 3.3e | |
| steve_kneizys | agora.cgi | 3.3f | |
| steve_kneizys | agora.cgi | 3.3i | |
| steve_kneizys | agora.cgi | 3.3j | |
| steve_kneizys | agora.cgi | 4.0 | |
| steve_kneizys | agora.cgi | 4.0a | |
| steve_kneizys | agora.cgi | 4.0b | |
| steve_kneizys | agora.cgi | 4.0c | |
| steve_kneizys | agora.cgi | 4.0d | |
| steve_kneizys | agora.cgi | 4.0e |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A7808DDA-412A-4798-B937-8FBA18A02CDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2a:*:*:*:*:*:*:*",
"matchCriteriaId": "EA2735C8-D031-4820-A07F-EEF0DA42C88B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2b:*:*:*:*:*:*:*",
"matchCriteriaId": "AF52B479-C94E-4EFB-86E2-D5F5EF72066E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2c:*:*:*:*:*:*:*",
"matchCriteriaId": "9B2145D6-0650-431A-9E1F-851619E5BE58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2d:*:*:*:*:*:*:*",
"matchCriteriaId": "DD5925D7-F12E-4C04-A6F0-070D1BFDE13F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2e:*:*:*:*:*:*:*",
"matchCriteriaId": "F66BBAFC-CB62-481C-AAD9-AFBFC1570738",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2f:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBE501A-DB0F-4FA0-80D9-45E0E3FFAB94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2g:*:*:*:*:*:*:*",
"matchCriteriaId": "45F44DBA-A215-4A4B-9AC3-358AB61A1BD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2h:*:*:*:*:*:*:*",
"matchCriteriaId": "599059EA-DA87-4B87-AE22-90628967A2A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2i:*:*:*:*:*:*:*",
"matchCriteriaId": "802FE920-82B3-4D44-A449-736E009F53B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2j:*:*:*:*:*:*:*",
"matchCriteriaId": "62BAC6C3-923F-4869-AA2E-2E5BC8F3C568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2ja:*:*:*:*:*:*:*",
"matchCriteriaId": "67275AFF-A988-447B-A15E-B725173BCE75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2k:*:*:*:*:*:*:*",
"matchCriteriaId": "39F34030-D87B-491A-993A-E227ED99EF0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2l:*:*:*:*:*:*:*",
"matchCriteriaId": "3A6F3D9C-CF75-4E7B-A34D-5D515543E16B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2m:*:*:*:*:*:*:*",
"matchCriteriaId": "C6076E9F-CBBD-4AAC-94D9-AAB9B5F7D747",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2n:*:*:*:*:*:*:*",
"matchCriteriaId": "9641B186-4795-4A01-9A2E-0B6EAFBAA847",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2p:*:*:*:*:*:*:*",
"matchCriteriaId": "B43B8E13-15A8-4333-997B-A65D1F95120D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2q:*:*:*:*:*:*:*",
"matchCriteriaId": "01CD9379-81D4-40E5-8712-C3ECC547BCA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.2r:*:*:*:*:*:*:*",
"matchCriteriaId": "3C01009C-8A0F-4145-AFCC-266E9AC9F38F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.3a:*:*:*:*:*:*:*",
"matchCriteriaId": "7D182707-0550-4730-BCC6-8E73726ACCA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.3b:*:*:*:*:*:*:*",
"matchCriteriaId": "131B3AC9-E1BE-474F-BF5A-EE3A2F3925DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.3c:*:*:*:*:*:*:*",
"matchCriteriaId": "B64A8A45-C79E-4B40-A9E0-DBE59620B98C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.3d:*:*:*:*:*:*:*",
"matchCriteriaId": "C75EC15B-B1FB-4D25-8281-791628336B77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.3e:*:*:*:*:*:*:*",
"matchCriteriaId": "660D3973-C72E-419F-B258-099AFE7D17F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.3f:*:*:*:*:*:*:*",
"matchCriteriaId": "52255955-5C2F-41CC-B1F6-9B14AE1FF08B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.3i:*:*:*:*:*:*:*",
"matchCriteriaId": "91E45149-B2BB-444F-ABF4-6FC8FF7DED13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:3.3j:*:*:*:*:*:*:*",
"matchCriteriaId": "CF7E4671-A0C9-449A-9CF6-9F5E5485DAC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA62D301-78C5-4F44-9A54-E7BD860121DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:4.0a:*:*:*:*:*:*:*",
"matchCriteriaId": "7BEF1EB8-7341-48AB-A220-6D1760B40A21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:4.0b:*:*:*:*:*:*:*",
"matchCriteriaId": "B7527F9F-EB74-40B3-82D0-952910C29B9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:4.0c:*:*:*:*:*:*:*",
"matchCriteriaId": "3F67E952-4F8F-4C67-94B9-63097BF7B33B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:4.0d:*:*:*:*:*:*:*",
"matchCriteriaId": "D5308E74-F9CB-44D3-B89D-6D27266CD552",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:steve_kneizys:agora.cgi:4.0e:*:*:*:*:*:*:*",
"matchCriteriaId": "6FD8E0D8-7E18-4921-917B-015A8E0E9797",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Agora.cgi 3.2r through 4.0 while in debug mode allows remote attackers to determine the full pathname of the agora.cgi file by requesting a non-existent .html file, which leaks the pathname in an error message."
},
{
"lang": "es",
"value": "Agora.cgi de la 3.2r a la 4.0 en modo depuraci\u00f3n permite a atacantes remotos determinar la ruta completa del fichero agora.cgi mediante una petici\u00f3n de un fichero .html inexistente. La ruta aparece en un mensaje de error."
}
],
"id": "CVE-2002-0215",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-05-16T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://online.securityfocus.com/archive/1/252761"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/8011.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/3976"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://online.securityfocus.com/archive/1/252761"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/8011.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/3976"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…