CVE-2002-2403

KeyFocus kf_web_server 1.0.8 - Path Traversal via Multiple Dot Sequences

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-2403. PoCs published by mattmurphy.

AI-analyzed exploit summary: This exploit leverages a directory traversal vulnerability in KeyFocus KF Web Server by sending a crafted HTTP GET request with consecutive dot characters to escape the web root and retrieve arbitrary files. The exploit uses Perl to connect to the target server and send the malicious request.

Description

Directory traversal vulnerability in KeyFocus web server 1.0.8 allows remote attackers to read arbitrary files for recognized MIME type files via "...", "....", ".....", and other multiple dot sequences.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by mattmurphy · perl · remote · windows
https://www.exploit-db.com/exploits/22018

Classification: Working PoC 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: KeyFocus KF Web Server
No auth needed
Prerequisites: Network access to the target web server · Knowledge of the target file path
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Exploit mailing-list x_refsource_vulnwatch
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0073.html
Various Sources x_refsource_confirm
http://www.keyfocus.net/kfws/support/
Exploit mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/299742
Exploit third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3331
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/6180
Third Party Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/10622.php

Scores

EPSS 0.0267
EPSS Percentile 83.8%

Details

CWE CWE-22
Status published
Products (1)
key_focus/kf_web_server 1.0.8
Published Dec 31, 2002
Tracked Since Feb 18, 2026