CVE

CVE-2001-0973

Date: (C)2001-08-31   (M)2023-12-22

BSCW groupware system 3.3 through 4.0.2 beta allows remote attackers to read or modify arbitrary files by uploading and extracting a tar file with a symlink into the data-bag space.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.4
Exploit Score: 10.0
Impact Score: 4.9
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: NONE

Reference:

http://archives.neohapsis.com/archives/bugtraq/2001-08/0328.html

BID-3227

VU#465971

bscw-extracted-file-symlink(7029)

http://bscw.gmd.de/Bulletins/BSCW-SB-2001-08.extract.txt