CVE-2006-0352

The default configuration of Fluffington FLog 1.01 installs users.0.dat under the web document root with insufficient access control, which might allow remote attackers to obtain sensitive information (login credentials) via a direct request. NOTE: It was later reported that 1.1.2 is also affected.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://evuln.com/vulns/38/summary/bt/
https://exchange.xforce.ibmcloud.com/vulnerabilities/31307
https://exchange.xforce.ibmcloud.com/vulnerabilities/24193
http://www.securityfocus.com/archive/1/456069/100/0/threaded
http://www.securityfocus.com/archive/1/422268/100/0/threaded

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:fluffington:flog:1.01:::::::*
	cpe:2.3:a:fluffington:flog:1.1.2:::::::*

Information

Published : 2006-01-20 17:03

Updated : 2018-10-19 08:44

NVD link : CVE-2006-0352

Mitre link : CVE-2006-0352

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

fluffington

flog

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://evuln.com/vulns/38/summary/bt/", "name": "http://evuln.com/vulns/38/summary/bt/", "tags": [], "refsource": "MISC"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31307", "name": "flog-admin-info-disclosure(31307)", "tags": [], "refsource": "XF"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24193", "name": "flog-data-directory-insecure(24193)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/456069/100/0/threaded", "name": "20070105 Flog 1.1.2 Remote Admin Password Disclosure", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/422268/100/0/threaded", "name": "20060117 [eVuln] Flog Information Disclosure Vulnerability", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The default configuration of Fluffington FLog 1.01 installs users.0.dat under the web document root with insufficient access control, which might allow remote attackers to obtain sensitive information (login credentials) via a direct request. NOTE: It was later reported that 1.1.2 is also affected."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-0352", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-01-21T01:03Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:fluffington:flog:1.01:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:fluffington:flog:1.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-19T15:44Z"}