CVE-2006-4003

The config method in Henrik Storner Hobbit monitor before 4.1.2p2 permits access to files outside of the intended configuration directory, which allows remote attackers to obtain sensitive information via requests to the hobbitd daemon on port 1984/tcp.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://sourceforge.net/project/shownotes.php?release_id=436594&group_id=128058	Patch
http://www.securityfocus.com/bid/19317	Patch
http://secunia.com/advisories/21317	Patch Vendor Advisory
http://www.vupen.com/english/advisories/2006/3139
https://exchange.xforce.ibmcloud.com/vulnerabilities/28204
http://www.securityfocus.com/archive/1/442036/100/0/threaded

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:hobbit_monitor:hobbit_monitor:4.0:::::::*
	cpe:2.3:a:hobbit_monitor:hobbit_monitor:4.1:::::::*
	cpe:2.3:a:hobbit_monitor:hobbit_monitor::::::::

Information

Published : 2006-08-07 12:04

Updated : 2018-10-17 14:32

NVD link : CVE-2006-4003

Mitre link : CVE-2006-4003

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

hobbit_monitor

hobbit_monitor

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://sourceforge.net/project/shownotes.php?release_id=436594&group_id=128058", "name": "http://sourceforge.net/project/shownotes.php?release_id=436594&group_id=128058", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/19317", "name": "19317", "tags": ["Patch"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/21317", "name": "21317", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2006/3139", "name": "ADV-2006-3139", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28204", "name": "hobbitmonitor-config-information-disclosure(28204)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/442036/100/0/threaded", "name": "20060802 Hobbit monitor security bugfix release - 4.1.2p2", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The config method in Henrik Storner Hobbit monitor before 4.1.2p2 permits access to files outside of the intended configuration directory, which allows remote attackers to obtain sensitive information via requests to the hobbitd daemon on port 1984/tcp."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-4003", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-08-07T19:04Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:hobbit_monitor:hobbit_monitor:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hobbit_monitor:hobbit_monitor:4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hobbit_monitor:hobbit_monitor:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "4.1.2_p1"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-17T21:32Z"}