CVE-2008-1717

WoltLab Community Framework (WCF) 1.0.6 in WoltLab Burning Board 3.0.5 allows remote attackers to obtain the full path via invalid (1) page and (2) form parameters, which leaks the path from an exception handler when a valid class cannot be found.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://lists.grok.org.uk/pipermail/full-disclosure/2008-April/061271.html
http://secunia.com/advisories/29719	Vendor Advisory
http://www.securityfocus.com/bid/28678
http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0161.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/41713
http://www.securityfocus.com/archive/1/490782/100/0/threaded
http://www.securityfocus.com/archive/1/490560/100/0/threaded

Configurations

Configuration 1 (hide)

cpe:2.3:a:woltlab:burning_board:3.0.5:*:*:*:*:*:*:*

Information

Published : 2008-04-09 14:05

Updated : 2018-10-11 13:36

NVD link : CVE-2008-1717

Mitre link : CVE-2008-1717

JSON object : View

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Products Affected

woltlab

burning_board

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-April/061271.html", "name": "20080408 WoltLab(R) Community Framework XSS and Full Path Disclosure Vulnerability", "tags": [], "refsource": "FULLDISC"}, {"url": "http://secunia.com/advisories/29719", "name": "29719", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/28678", "name": "28678", "tags": [], "refsource": "BID"}, {"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0161.html", "name": "20080407 WoltLab(R) Community Framework XSS and Full Path Disclosure Vulnerability", "tags": [], "refsource": "FULLDISC"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41713", "name": "wbb-wcf-exception-info-disclosure(41713)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/490782/100/0/threaded", "name": "20080412 Re: WoltLab(R) Community Framework WCF 1.0.6", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/490560/100/0/threaded", "name": "20080407 WoltLab(R) Community Framework XSS and Full Path Disclosure Vulnerability", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "WoltLab Community Framework (WCF) 1.0.6 in WoltLab Burning Board 3.0.5 allows remote attackers to obtain the full path via invalid (1) page and (2) form parameters, which leaks the path from an exception handler when a valid class cannot be found."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-200"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2008-1717", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2008-04-09T21:05Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:woltlab:burning_board:3.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-11T20:36Z"}

5.0 /10