CVE-2001-0250

The Web Publishing feature in Netscape Enterprise Server 4.x and earlier allows remote attackers to list arbitrary directories under the web server root via the INDEX command.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2001-01/0396.html	Exploit Patch Vendor Advisory
http://www.securityfocus.com/bid/2285	Exploit Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/5997
http://archives.neohapsis.com/archives/bugtraq/2001-01/0396.html	Exploit Patch Vendor Advisory
http://www.securityfocus.com/bid/2285	Exploit Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/5997

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:netscape:enterprise_server:3.0:::::::*
	cpe:2.3:a:netscape:enterprise_server:4.0:::::::*

History

No history.

Information

Published : 2001-06-02 04:00

Updated : 2025-04-03 01:03

NVD link : CVE-2001-0250

Mitre link : CVE-2001-0250

CVE.ORG link : CVE-2001-0250

JSON object : View

Products Affected

netscape

enterprise_server

CWE

NVD-CWE-Other

{"id": "CVE-2001-0250", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2001-06-02T04:00:00.000", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2001-01/0396.html", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/2285", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5997", "source": "cve@mitre.org"}, {"url": "http://archives.neohapsis.com/archives/bugtraq/2001-01/0396.html", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/2285", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5997", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The Web Publishing feature in Netscape Enterprise Server 4.x and earlier allows remote attackers to list arbitrary directories under the web server root via the INDEX command."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netscape:enterprise_server:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A7B9FDA-DC62-4EC9-9120-A7E6795C2815"}, {"criteria": "cpe:2.3:a:netscape:enterprise_server:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9DD208FC-AC17-45DF-9A5F-D8CDA6DB3A7F"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}