CVE-2001-0452

BRS WebWeaver FTP <0.64 Beta - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0452. PoCs published by joetesta.

AI-analyzed exploit summary This exploit demonstrates an information leakage vulnerability in BRS WebWeaver's FTP server. By issuing the 'CD *' command, an attacker can retrieve the physical path of the FTP root directory, which is disclosed in an error message.

Description

BRS WebWeaver FTP server before 0.64 Beta allows remote attackers to obtain the real pathname of the server via a "CD *" command followed by an ls command.

Exploits (1)

exploitdb WORKING POC VERIFIED

by joetesta · textremotewindows

https://www.exploit-db.com/exploits/20819

View Code ZIP pw:eip

This exploit demonstrates an information leakage vulnerability in BRS WebWeaver's FTP server. By issuing the 'CD *' command, an attacker can retrieve the physical path of the FTP root directory, which is disclosed in an error message.

Classification

Working Poc 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: BRS WebWeaver FTP Server

Auth required

Prerequisites: Valid FTP credentials

MITRE ATT&CK

T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Various Sources x_refsource_confirm

http://members.nbci.com/_XMCM/BSoutham/WebWeaver/WebWeaverHistory.html

Exploit, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/2676

Patch, Vendor Advisory mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/180506

Scores

EPSS 0.0333

EPSS Percentile 87.0%

Details

Status published

Products (7)

brs/webweaver 0.49_beta

brs/webweaver 0.50_beta

brs/webweaver 0.51_beta

brs/webweaver 0.52_beta

brs/webweaver 0.60_beta

brs/webweaver 0.61_beta

brs/webweaver 0.62_beta

Published Jun 27, 2001

Tracked Since Feb 18, 2026