Lucene search

MitreCVE-2000-1166

HistoryJun 25, 2002 - 4:00 a.m.

CVE-2000-1166

2002-06-2504:00:00

mitre

web.nvd.nist.gov

twig webmail

security flaw

remote attack

php3 code

cve-2000-1166

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

High

EPSS

0.008

Percentile

81.2%

JSON

Twig webmail system does not properly set the “vhosts” variable if it is not configured on the site, which allows remote attackers to insert arbitrary PHP (PHP3) code by specifying an alternate vhosts as an argument to the index.php3 program.

Affected configurations

Nvd

Node

twig_development_teamtwigMatch2.5.1

VendorProductVersionCPE
twig_development_teamtwig2.5.1cpe:2.3:a:twig_development_team:twig:2.5.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
twig_development_team	twig	2.5.1	cpe:2.3:a:twig_development_team:twig:2.5.1:::::::*

References

archives.neohapsis.com/archives/bugtraq/2000-11/0351.html

twig.screwdriver.net/file.php3?file=CHANGELOG

www.securityfocus.com/bid/1998

exchange.xforce.ibmcloud.com/vulnerabilities/5581

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

High

EPSS

0.008

Percentile

81.2%

JSON

Related for CVE-2000-1166