CVE-2001-0555

N/A Unknown

Published: August 14, 2001 Modified: April 16, 2026

Description

ScreamingMedia SITEWare versions 2.5 through 3.1 allows a remote attacker to read world-readable files via a .. (dot dot) attack through (1) the SITEWare Editor's Desktop or (2) the template parameter in SWEditServlet.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://archives.neohapsis.com/archives/bugtraq/2001-06/0165.html

Source: cve@mitre.org

Vendor Advisory

http://archives.neohapsis.com/archives/bugtraq/2001-06/0166.html

Source: cve@mitre.org

Vendor Advisory

http://www.kb.cert.org/vuls/id/795707

Source: cve@mitre.org

US Government Resource

http://www.osvdb.org/13887

Source: cve@mitre.org

http://www.securityfocus.com/bid/2869

Source: cve@mitre.org

http://www01.screamingmedia.com/en/security/sms1001.php

Source: cve@mitre.org

Exploit Patch Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/6689

Source: cve@mitre.org

http://archives.neohapsis.com/archives/bugtraq/2001-06/0165.html