CVE Daily

CVE-2003-1168

HTTP Commander 4.0 allows remote attackers to obtain sensitive information via a...

Medium CVSS 5.0

Overview

HTTP Commander 4.0 allows remote attackers to obtain sensitive information via an HTTP request that contains a . (dot) in the file parameter, which reveals the installation path in an error message.

CWE: N/A Published: 2003-12-31T05:00:00.000
Risk analysis

This vulnerability is rated 🟡 MEDIUM.

  • CVSS: 5.0 (MEDIUM)
  • Detected tags: none (tag impact: LOW)

Recommended actions:

  • Prioritize remediation based on business criticality and exposure.
  • Limit exposure and increase monitoring until fixed.

Recommended tools

Tags