CVE-2002-1525

Sun ONE Starter Kit 2.0 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-1525. PoCs published by ET LoWNOISE.

AI-analyzed exploit summary The exploit describes a directory traversal vulnerability in Sun ONE Starter Kit 2.0 and ASTAware SearchDisc, allowing attackers to access sensitive files via crafted HTTP requests. No functional PoC code is provided, only example URLs demonstrating the issue.

Description

Directory traversal vulnerability in ASTAware SearchDisk engine for Sun ONE Starter Kit 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack on port (1) 6015 or (2) 6016, or (3) an absolute pathname to port 6017.

Exploits (1)

exploitdb WRITEUP VERIFIED

by ET LoWNOISE · textwebappsjava

https://www.exploit-db.com/exploits/21879

View Code ZIP pw:eip

The exploit describes a directory traversal vulnerability in Sun ONE Starter Kit 2.0 and ASTAware SearchDisc, allowing attackers to access sensitive files via crafted HTTP requests. No functional PoC code is provided, only example URLs demonstrating the issue.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Theoretical

Target: Sun ONE Starter Kit 2.0, ASTAware SearchDisc

No auth needed

Prerequisites: Network access to the vulnerable service

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Vendor Advisory mailing-list x_refsource_bugtraq

http://online.securityfocus.com/archive/1/293545

Exploit, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/5828

Vendor Advisory vdb-entry x_refsource_xf

http://www.iss.net/security_center/static/10225.php

Scores

EPSS 0.0805

EPSS Percentile 94.1%

Details

Status published

Products (2)

astaware/searchdisc 3.1

sun/sunone_starter_kit 2.0

Published Apr 02, 2003

Tracked Since Feb 18, 2026