Vulnerability Database

308,379

Total vulnerabilities in the database

CVE-2002-2389

TheServer 1.74 web server stores server.ini under the web document root with insufficient access control, which allows remote attackers to obtain cleartext passwords and gain access to server log files.

Published: Dec 31, 2002
Updated: Nov 9, 2025
CVE: CVE-2002-2389
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-255

Affected Software
References

Software	From	Fixed in
fastlink_software / the_server	1.74	1.74.x

http://lists.grok.org.uk/pipermail/full-disclosure/2002-July/000138.html
http://securitytracker.com/id?1004799
http://www.iss.net/security_center/static/9624.php
http://www.securityfocus.com/archive/1/295325
http://www.securityfocus.com/bid/5250

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo