CVE-2002-2094
hellbent 01 - Information Disclosure via Path Traversal Error Response
Title source: llmDescription
Joe Testa hellbent 01 allows remote attackers to determine the full path of the web root directory via a GET request with a relative path that includes the root's parent, which generates a 403 error message if the parent is incorrect, but a normal response if the parent is correct.
References (3)
Core 3
Core References
Broken Link, Patch, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/3908
Broken Link, Exploit, Patch, Vendor Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-01/0228.html
Broken Link, Patch vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/7930.php
Scores
EPSS
0.0279
EPSS Percentile
84.6%
Details
CWE
CWE-203
Status
published
Products (1)
joetesta/hellbent
0.1
Published
Dec 31, 2002
Tracked Since
Feb 18, 2026