Directory Traversal Vulnerability in Cobalt RAQ 4 by Cobalt Networks
CVE-2002-0347

Currently unrated

Key Information:

Vendor: Oracle
Status: Cobalt Raq 3i; Cobalt Raq 2; Cobalt Raq 4
Vendor: CVE Published:; 25 June 2002

Badges

👾 Exploit Exists🟡 Public PoC

Summary

A directory traversal vulnerability in Cobalt RAQ 4 enables remote attackers to gain unauthorized access to sensitive files, including those that are password-protected and potentially files located outside the web root. Exploitation occurs through specifically crafted HTTP requests that leverage the '..' (dot dot) sequence, allowing attackers to traverse the directory structure and retrieve confidential data.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2002-0347
Created by alt3kx

References

http://marc.info/?l=bugtraq&m=101495944202452&w=2

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/4208

vdb-entryx_refsource_BID

http://www.iss.net/security_center/static/8322.php

vdb-entryx_refsource_XF

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

🟡
Public PoC available
May 11, 2018
👾
Exploit known to exist
May 11, 2018
Vulnerability published
Jun 25, 2002
Vulnerability Reserved
May 1, 2002