Description
ScreamingMedia SITEWare versions 2.5 through 3.1 allows a remote attacker to read world-readable files via a .. (dot dot) attack through (1) the SITEWare Editor's Desktop or (2) the template parameter in SWEditServlet.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Foundstone Labs · textwebappsjava
https://www.exploit-db.com/exploits/20925
References (7)
Core 7
Core References
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/795707
Exploit, Patch, Vendor Advisory x_refsource_confirm
http://www01.screamingmedia.com/en/security/sms1001.php
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/6689
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/13887
Vendor Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2001-06/0166.html
Vendor Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2001-06/0165.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/2869
Scores
EPSS
0.2360
EPSS Percentile
96.0%
Details
Status
published
Products (1)
screaming_media/siteware
< 3.1
Published
Aug 14, 2001
Tracked Since
Feb 18, 2026