Description

IIS 5.0 uses relative paths to find system files that will run in-process, which allows local users to gain privileges via a Trojan horse file, aka the "System file listing privilege elevation" vulnerability.

Remediation

References

CVE-2001-0507

Related Vulnerabilities

Oracle Database Server CVE-2007-2108 Vulnerability (CVE-2007-2108)

CubeCart Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-2090)

WordPress Plugin Google Map Remote Code Execution (1.0)

Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-3723)

Liferay Portal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-24554)

Severity

High

Classification

CVE-2001-0507

Tags

Missing Update Known Vulnerabilities