CVE-2003-1550

XOOPS 2.0, and possibly earlier versions, allows remote attackers to obtain sensitive information via an invalid xoopsOption parameter, which reveals the installation path in an error message.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://marc.info/?l=bugtraq&m=104820295115420&w=2	Exploit
http://marc.info/?l=bugtraq&m=104887510828106&w=2
http://www.security-corporation.com/index.php?id=advisories&a=011-FR
http://www.securityfocus.com/bid/7149	Exploit
http://secunia.com/advisories/8353	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/11587

Configurations

Configuration 1 (hide)

cpe:2.3:a:xoops:xoops:*:*:*:*:*:*:*:*

Information

Published : 2003-12-30 21:00

Updated : 2017-08-07 18:29

NVD link : CVE-2003-1550

Mitre link : CVE-2003-1550

JSON object : View

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Products Affected

xoops

xoops

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://marc.info/?l=bugtraq&m=104820295115420&w=2", "name": "20030320 [SCSA-011] Path Disclosure Vulnerability in XOOPS", "tags": ["Exploit"], "refsource": "BUGTRAQ"}, {"url": "http://marc.info/?l=bugtraq&m=104887510828106&w=2", "name": "20030328 Re: [SCSA-011] Path Disclosure Vulnerability in XOOPS", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.security-corporation.com/index.php?id=advisories&a=011-FR", "name": "http://www.security-corporation.com/index.php?id=advisories&a=011-FR", "tags": [], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/7149", "name": "7149", "tags": ["Exploit"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/8353", "name": "8353", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11587", "name": "xoops-xoopsoption-path-disclosure(11587)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "XOOPS 2.0, and possibly earlier versions, allows remote attackers to obtain sensitive information via an invalid xoopsOption parameter, which reveals the installation path in an error message."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-200"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2003-1550", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2003-12-31T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:xoops:xoops:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "2.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-08T01:29Z"}

5.0 /10