CVE-2001-0555

ScreamingMedia SITEWare versions 2.5 through 3.1 allows a remote attacker to read world-readable files via a .. (dot dot) attack through (1) the SITEWare Editor’s Desktop or (2) the template parameter in SWEditServlet.

Date published : 2001-07-27

http://www.securityfocus.com/bid/2869

http://archives.neohapsis.com/archives/bugtraq/2001-06/0165.html