CVE-2011-0435

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2011-0435
Domain Technologie Control (DTC) before 0.32.9 does not require authentication for (1) admin/bw_per_month.php and (2) client/bw_per_month.php, which allows remote attackers to obtain potentially sensitive bandwidth information via a direct request.

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=e94e8b9cc354bfcaeb284d5331b815256bb46162 Patch
http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.29.17-1+lenny1/changelog
http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.32.10-1/changelog
http://secunia.com/advisories/43523 Vendor Advisory
http://www.vupen.com/english/advisories/2011/0556 Vendor Advisory
http://www.gplhost.sg/lists/dtcannounce/msg00025.html Patch
http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=89da9c519b04cda1b23e6290d2b0a6cea1bae31e Patch
http://www.debian.org/security/2011/dsa-2179
https://exchange.xforce.ibmcloud.com/vulnerabilities/65896
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gplhost:domain_technologie_control:0.25.1:*:*:*:*:*:*:*
cpe:2.3:a:gplhost:domain_technologie_control:0.25.2:*:*:*:*:*:*:*
cpe:2.3:a:gplhost:domain_technologie_control:0.32.1:*:*:*:*:*:*:*
cpe:2.3:a:gplhost:domain_technologie_control:0.32.2:*:*:*:*:*:*:*
cpe:2.3:a:gplhost:domain_technologie_control:0.28.9:*:*:*:*:*:*:*
cpe:2.3:a:gplhost:domain_technologie_control:0.28.6:*:*:*:*:*:*:*
cpe:2.3:a:gplhost:domain_technologie_control:0.26.8:*:*:*:*:*:*:*
cpe:2.3:a:gplhost:domain_technologie_control:0.29.15:*:*:*:*:*:*:*
cpe:2.3:a:gplhost:domain_technologie_control:0.27.3:*:*:*:*:*:*:*
cpe:2.3:a:gplhost:domain_technologie_control:0.29.1:*:*:*:*:*:*:*
cpe:2.3:a:gplhost:domain_technologie_control:0.25.3:*:*:*:*:*:*:*
cpe:2.3:a:gplhost:domain_technologie_control:*:*:*:*:*:*:*:*
cpe:2.3:a:gplhost:domain_technologie_control:0.29.8:*:*:*:*:*:*:*
cpe:2.3:a:gplhost:domain_technologie_control:0.30.6:*:*:*:*:*:*:*
cpe:2.3:a:gplhost:domain_technologie_control:0.26.9:*:*:*:*:*:*:*
cpe:2.3:a:gplhost:domain_technologie_control:0.28.4:*:*:*:*:*:*:*
cpe:2.3:a:gplhost:domain_technologie_control:0.32.3:*:*:*:*:*:*:*
cpe:2.3:a:gplhost:domain_technologie_control:0.28.10:*:*:*:*:*:*:*
cpe:2.3:a:gplhost:domain_technologie_control:0.30.18:*:*:*:*:*:*:*
cpe:2.3:a:gplhost:domain_technologie_control:0.29.14:*:*:*:*:*:*:*
cpe:2.3:a:gplhost:domain_technologie_control:0.29.17:*:*:*:*:*:*:*
cpe:2.3:a:gplhost:domain_technologie_control:0.26.7:*:*:*:*:*:*:*
cpe:2.3:a:gplhost:domain_technologie_control:0.29.16:*:*:*:*:*:*:*
cpe:2.3:a:gplhost:domain_technologie_control:0.30.10:*:*:*:*:*:*:*
cpe:2.3:a:gplhost:domain_technologie_control:0.32.6:*:*:*:*:*:*:*
cpe:2.3:a:gplhost:domain_technologie_control:0.29.6:*:*:*:*:*:*:*
cpe:2.3:a:gplhost:domain_technologie_control:0.24.6:*:*:*:*:*:*:*
cpe:2.3:a:gplhost:domain_technologie_control:0.32.5:*:*:*:*:*:*:*
cpe:2.3:a:gplhost:domain_technologie_control:0.29.10:*:*:*:*:*:*:*
cpe:2.3:a:gplhost:domain_technologie_control:0.30.20:*:*:*:*:*:*:*
cpe:2.3:a:gplhost:domain_technologie_control:0.30.8:*:*:*:*:*:*:*
cpe:2.3:a:gplhost:domain_technologie_control:0.32.7:*:*:*:*:*:*:*
cpe:2.3:a:gplhost:domain_technologie_control:0.32.4:*:*:*:*:*:*:*
cpe:2.3:a:gplhost:domain_technologie_control:0.28.2:*:*:*:*:*:*:*
cpe:2.3:a:gplhost:domain_technologie_control:0.28.3:*:*:*:*:*:*:*
Information

Published : 2011-03-07 13:00

Updated : 2017-08-16 18:33

NVD link : CVE-2011-0435

Mitre link : CVE-2011-0435

JSON object : View

CWE
CWE-287

Improper Authentication

Advertisement

dedicated server usa
Products Affected

gplhost

  • domain_technologie_control