CVE-2002-0544

Aprelium Abyss Web Server <1.0.3 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0544. PoCs published by Jeremy Roberts.

AI-analyzed exploit summary The exploit describes a directory traversal vulnerability in Abyss Web Server allowing remote attackers to read arbitrary files via encoded dot-dot-slash sequences. The example URL demonstrates accessing the administrative configuration file.

Description

Aprelium Abyss Web Server (abyssws) before 1.0.3 stores the administrative console password in plaintext in the abyss.conf file, which allows local users with access to the file to gain privileges.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Jeremy Roberts · textremotewindows
https://www.exploit-db.com/exploits/21367

The exploit describes a directory traversal vulnerability in Abyss Web Server allowing remote attackers to read arbitrary files via encoded dot-dot-slash sequences. The example URL demonstrates accessing the administrative configuration file.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Abyss Web Server (Windows, possibly Linux)
No auth needed
Prerequisites: Network access to the target web server
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Vendor Advisory x_refsource_confirm
http://www.aprelium.com/news/abws103.html
Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/4467

Scores

EPSS 0.0079
EPSS Percentile 51.7%

Details

Status published
Products (1)
aprelium_technologies/abyss_web_server 1.0
Published Jul 03, 2002
Tracked Since Feb 18, 2026