Directory Traversal Vulnerability in SolarWinds TFTP Server
CVE-2002-1209

Currently unrated

Key Information:

Vendor: Solarwinds
Status: Tftp Server
Vendor: CVE Published:; 4 November 2002

Summary

A directory traversal vulnerability exists in SolarWinds TFTP Server 5.0.55 and potentially earlier versions, allowing remote attackers to exploit the server. By using the '..' (dot-dot backslash) sequence in a GET request, they can read arbitrary files on the server's filesystem. This exposure could lead to unauthorized access to sensitive system files, posing a significant risk to the integrity and confidentiality of the affected systems.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/10469

vdb-entryx_refsource_XF

http://archives.neohapsis.com/archives/vulnwatch/2002-q4/...

mailing-listx_refsource_VULNWATCH

http://www.securityfocus.com/bid/6045

vdb-entryx_refsource_BID

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 4, 2002
Vulnerability Reserved
Oct 14, 2002