CVE-2002-0543

Aprelium Abyss Web Server - Directory Traversal via URL-Encoded Dot-Dot Sequences

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0543.

AI-analyzed exploit summary The exploit describes a directory traversal vulnerability in Abyss Web Server, allowing remote attackers to read arbitrary files via encoded dot-dot-slash sequences. The advisory includes a proof-of-concept URL to access the administrative configuration file.

Description

Directory traversal vulnerability in Aprelium Abyss Web Server (abyssws) before 1.0.0.2 allows remote attackers to read files outside the web root, including the abyss.conf file, via URL-encoded .. (dot dot) sequences in the HTTP request.

Exploits (1)

exploitdb WRITEUP
remotewindows
https://www.exploit-db.com/exploits/21367

The exploit describes a directory traversal vulnerability in Abyss Web Server, allowing remote attackers to read arbitrary files via encoded dot-dot-slash sequences. The advisory includes a proof-of-concept URL to access the administrative configuration file.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Abyss Web Server (Windows, possibly Linux)
No auth needed
Prerequisites: Network access to the target web server
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (4)

Core 4
Core References
Patch, Vendor Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/8805.php
Exploit, Patch, Vendor Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-04/0110.html
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/4466

Scores

EPSS 0.0834
EPSS Percentile 94.2%

Details

Status published
Products (1)
aprelium_technologies/abyss_web_server 1.0
Published Jul 03, 2002
Tracked Since Feb 18, 2026