CVE-2002-2389 — MEDIUM severity vulnerability (TheServer 1.74 web server stores server.ini under the web do)
TheServer 1.74 web server stores server.ini under the web document root with insufficient access control, which allows remote attackers to obtain cleartext passwords and gain access to server log files.
| CVE ID | CVE-2002-2389 |
|---|---|
| Severity | MEDIUM |
| CVSS score | 5.0 |
| CVSS vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| CWE | CWE-255 |
| Status | Modified |
| Published | 2002-12-31 |
| Last modified | 2026-04-16 |
| Description | TheServer 1.74 web server stores server.ini under the web document root with insufficient access control, which allows remote attackers to obtain cleartext passwords and gain access to server log files. |
| Source | NIST National Vulnerability Database |
🔍 Search all vulnerabilities →
$999/mo
Try CVECheck →