{"api_version":"1","generated_at":"2026-06-04T15:59:49+00:00","cve":"CVE-2002-1058","urls":{"html":"https://cve.report/CVE-2002-1058","api":"https://cve.report/api/cve/CVE-2002-1058.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2002-1058","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2002-1058"},"summary":{"title":"CVE-2002-1058","description":"Directory traversal vulnerability in splashAdmin.php for Cobalt Qube 3.0 allows local users and remote attackers, to gain privileges as the Qube Admin via .. (dot dot) sequences in the sessionId cookie that point to an alternate session file.","state":"PUBLISHED","assigner":"mitre","published_at":"2002-10-04 04:00:00","updated_at":"2025-04-03 01:03:51"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"10","severity":"","vector":"AV:N/AC:L/Au:N/C:C/I:C/A:C","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"}}],"references":[{"url":"http://www.securityfocus.com/bid/5297","name":"http://www.securityfocus.com/bid/5297","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Vendor Advisory"],"title":"Cobalt Qube Authentication Bypass Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://archives.neohapsis.com/archives/bugtraq/2002-07/0261.html","name":"http://archives.neohapsis.com/archives/bugtraq/2002-07/0261.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Neohapsis Archives - Bugtraq - Cobalt Qube 3 Administration page - From saleh_at_scan-associates.net","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.iss.net/security_center/static/9669.php","name":"http://www.iss.net/security_center/static/9669.php","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"ISS X-Force Database: cobalt-qube-admin-access (9669): Cobalt Qube specially-crafted cookie could allow administrative access","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2002-1058","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2002-1058","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2002","cve_id":"1058","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cobalt","cpe5":"qube","cpe6":"3.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-08T03:12:16.894Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"20020723 Cobalt Qube 3 Administration page","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://archives.neohapsis.com/archives/bugtraq/2002-07/0261.html"},{"name":"5297","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/5297"},{"name":"cobalt-qube-admin-access(9669)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"http://www.iss.net/security_center/static/9669.php"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2002-07-24T00:00:00.000Z","descriptions":[{"lang":"en","value":"Directory traversal vulnerability in splashAdmin.php for Cobalt Qube 3.0 allows local users and remote attackers, to gain privileges as the Qube Admin via .. (dot dot) sequences in the sessionId cookie that point to an alternate session file."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2002-09-10T09:00:00.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"20020723 Cobalt Qube 3 Administration page","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://archives.neohapsis.com/archives/bugtraq/2002-07/0261.html"},{"name":"5297","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/5297"},{"name":"cobalt-qube-admin-access(9669)","tags":["vdb-entry","x_refsource_XF"],"url":"http://www.iss.net/security_center/static/9669.php"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2002-1058","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Directory traversal vulnerability in splashAdmin.php for Cobalt Qube 3.0 allows local users and remote attackers, to gain privileges as the Qube Admin via .. (dot dot) sequences in the sessionId cookie that point to an alternate session file."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"20020723 Cobalt Qube 3 Administration page","refsource":"BUGTRAQ","url":"http://archives.neohapsis.com/archives/bugtraq/2002-07/0261.html"},{"name":"5297","refsource":"BID","url":"http://www.securityfocus.com/bid/5297"},{"name":"cobalt-qube-admin-access(9669)","refsource":"XF","url":"http://www.iss.net/security_center/static/9669.php"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2002-1058","datePublished":"2002-08-31T04:00:00.000Z","dateReserved":"2002-08-30T00:00:00.000Z","dateUpdated":"2024-08-08T03:12:16.894Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2002-10-04 04:00:00","lastModifiedDate":"2025-04-03 01:03:51","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":true,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cobalt:qube:3.0:*:*:*:*:*:*:*","matchCriteriaId":"17068923-0D3A-441A-ACDE-19BCB188530E"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2002","CveId":"1058","Ordinal":"1","Title":"CVE-2002-1058","CVE":"CVE-2002-1058","Year":"2002"},"notes":[{"CveYear":"2002","CveId":"1058","Ordinal":"1","NoteData":"Directory traversal vulnerability in splashAdmin.php for Cobalt Qube 3.0 allows local users and remote attackers, to gain privileges as the Qube Admin via .. (dot dot) sequences in the sessionId cookie that point to an alternate session file.","Type":"Description","Title":"CVE-2002-1058"},{"CveYear":"2002","CveId":"1058","Ordinal":"2","NoteData":"2002-08-31","Type":"Other","Title":"Published"},{"CveYear":"2002","CveId":"1058","Ordinal":"3","NoteData":"2002-09-10","Type":"Other","Title":"Modified"}]}}}