CVE-2001-0995

PHProjekt before 2.4a allows remote attackers to perform actions as other PHProjekt users by modifying the ID number in an HTTP request to PHProjekt CGI programs.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/archive/1/210349	Patch Vendor Advisory
http://www.phprojekt.com/ChangeLog	Vendor Advisory
http://www.securityfocus.com/bid/3239	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/7035

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:phpprojekt:phpprojekt:2.0:::::::*
	cpe:2.3:a:phpprojekt:phpprojekt:2.0.1:::::::*
	cpe:2.3:a:phpprojekt:phpprojekt:2.1:::::::*
	cpe:2.3:a:phpprojekt:phpprojekt:2.3:::::::*
	cpe:2.3:a:phpprojekt:phpprojekt::::::::
	cpe:2.3:a:phpprojekt:phpprojekt:2.1a:::::::*
	cpe:2.3:a:phpprojekt:phpprojekt:2.2:::::::*

Information

Published : 2001-08-30 21:00

Updated : 2017-10-09 18:29

NVD link : CVE-2001-0995

Mitre link : CVE-2001-0995

JSON object : View

CWE

NVD-CWE-Other

Products Affected

phpprojekt

phpprojekt

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/archive/1/210349", "name": "20010826 security hole in os groupware suite PHProjekt", "tags": ["Patch", "Vendor Advisory"], "refsource": "BUGTRAQ"}, {"url": "http://www.phprojekt.com/ChangeLog", "name": "http://www.phprojekt.com/ChangeLog", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/3239", "name": "3239", "tags": ["Patch", "Vendor Advisory"], "refsource": "BID"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7035", "name": "phprojekt-id-modify(7035)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "PHProjekt before 2.4a allows remote attackers to perform actions as other PHProjekt users by modifying the ID number in an HTTP request to PHProjekt CGI programs."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2001-0995", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2001-08-31T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:phpprojekt:phpprojekt:2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:phpprojekt:phpprojekt:2.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:phpprojekt:phpprojekt:2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:phpprojekt:phpprojekt:2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:phpprojekt:phpprojekt:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "2.4a"}, {"cpe23Uri": "cpe:2.3:a:phpprojekt:phpprojekt:2.1a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:phpprojekt:phpprojekt:2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-10-10T01:29Z"}

7.5 /10