CVE-2002-2403

KEY Focus KF Web Server - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in KeyFocus web server 1.0.8 allows remote attackers to read arbitrary files for recognized MIME type files via "...", "....", ".....", and other multiple dot sequences.

Exploits (1)

exploitdb WORKING POC VERIFIED

by mattmurphy · perlremotewindows

https://www.exploit-db.com/exploits/22018

View Code ZIP pw:eip

References (6)

[Exploit] http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0073.html

[Various Sources] http://www.keyfocus.net/kfws/support/

[Exploit] http://www.securityfocus.com/archive/1/299742

[Exploit] http://securityreason.com/securityalert/3331

[Exploit] http://www.securityfocus.com/bid/6180

[Third Party Advisory] http://www.iss.net/security_center/static/10622.php

Scores

EPSS 0.0662

EPSS Percentile 91.2%

Details

CWE

CWE-22

Status published

Products (1)

key_focus/kf_web_server 1.0.8

Published Dec 31, 2002

Tracked Since Feb 18, 2026