CVE-2002-0897

LocalWEB2000 2.1.0 - Unauthenticated Access Restriction Bypass via /./ Directory Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0897. PoCs published by Tamer Sahin.

AI-analyzed exploit summary The vulnerability in LocalWEB2000 allows bypassing password protection by appending './' to the URL path, exploiting a design flaw in the protection mechanism. This affects LocalWEB2000 Standard Version 2.1.0 and potentially other versions.

Description

LocalWEB2000 2.1.0 web server allows remote attackers to bypass access restrictions for restricted files via a URL that contains the "/./" directory.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Tamer Sahin · textremotewindows

https://www.exploit-db.com/exploits/21475

View Code ZIP pw:eip

The vulnerability in LocalWEB2000 allows bypassing password protection by appending './' to the URL path, exploiting a design flaw in the protection mechanism. This affects LocalWEB2000 Standard Version 2.1.0 and potentially other versions.

Classification

Writeup 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: LocalWEB2000 Standard Version 2.1.0

No auth needed

Prerequisites: Access to the target LocalWEB2000 server

MITRE ATT&CK

T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/4820

Vendor Advisory vdb-entry x_refsource_xf

http://www.iss.net/security_center/static/9165.php

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://online.securityfocus.com/archive/1/274020

Third Party Advisory mailing-list x_refsource_vulnwatch

http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0079.html

Scores

EPSS 0.0281

EPSS Percentile 84.7%

Details

Status published

Products (1)

intranet-server/localweb2000 2.1.0_standard_version

Published Oct 04, 2002

Tracked Since Feb 18, 2026