- Description
- Directory traversal vulnerability in strong.exe program in NAI Net Tools PKI server 1.0 before HotFix 3 allows remote attackers to read arbitrary files via a .. (dot dot) attack in an HTTPS request to the enrollment server.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:P/A:N
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:network_associates:net_tools_pki_server:1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E9B0AA86-A1A2-4154-8F93-CD40F4A4D820"
},
{
"criteria": "cpe:2.3:a:network_associates:net_tools_pki_server:1.0hotfix1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E47369C1-0D9F-49F8-910E-CEB193AD7115"
},
{
"criteria": "cpe:2.3:a:network_associates:net_tools_pki_server:1.0hotfix2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "591E0058-8826-455E-9D05-CB8387FB0D5E"
}
],
"operator": "OR"
}
]
}
]