CVE-2004-2671

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2004-2671
mod.php in eNdonesia 8.3 allows remote attackers to obtain sensitive information via certain direct requests, and certain requests with invalid parameter values, which reveal the path in various error messages, as demonstrated by the (1) mod and (2) cid parameters.

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
http://www.securityfocus.com/archive/1/370855 Exploit Vendor Advisory
http://echo.or.id/adv/adv02-y3dips-2004.txt Exploit Vendor Advisory
http://www.securityfocus.com/bid/8507 Exploit Vendor Advisory
http://securitytracker.com/id?1010864 Vendor Advisory
http://secunia.com/advisories/12231 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/13042
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

cpe:2.3:a:endonesia:endonesia:8.3:*:*:*:*:*:*:*
Information

Published : 2004-12-30 21:00

Updated : 2017-07-28 18:29

NVD link : CVE-2004-2671

Mitre link : CVE-2004-2671

JSON object : View

CWE
NVD-CWE-Other
Advertisement

dedicated server usa
Products Affected

endonesia

  • endonesia