CVE-2002-1525

Description

Directory traversal vulnerability in ASTAware SearchDisk engine for Sun ONE Starter Kit 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack on port (1) 6015 or (2) 6016, or (3) an absolute pathname to port 6017.

Affected products

• astaware / searchdisc3.1 – 3.1
• sun / sunone_starter_kit2.0 – 2.0

References

• MISChttp://online.securityfocus.com/archive/1/293545
• MISChttp://www.securityfocus.com/bid/5828
• MISChttp://www.iss.net/security_center/static/10225.php