Lucene search

MitreCVE-2002-2045

HistoryJul 14, 2005 - 4:00 a.m.

CVE-2002-2045

2005-07-1404:00:00

mitre

web.nvd.nist.gov

cve-2002-2045

x-stat

php commands

remote attackers

web server:path leakage

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

AI Score

7.6

Confidence

Low

EPSS

0.015

Percentile

87.2%

JSON

x_stat_admin.php in x-stat 2.3 and earlier allows remote attackers to (1) execute PHP commands such as phpinfo or (2) obtain the full path of the web server via an invalid action parameter, which leaks the pathname in an error message.

Affected configurations

Nvd

Node

xqusx-statMatch2.2

xqusx-statMatch2.3

VendorProductVersionCPE
xqusx-stat2.2cpe:2.3:a:xqus:x-stat:2.2:*:*:*:*:*:*:*
xqusx-stat2.3cpe:2.3:a:xqus:x-stat:2.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
xqus	x-stat	2.2	cpe:2.3:a:xqus:x-stat:2.2:::::::*
xqus	x-stat	2.3	cpe:2.3:a:xqus:x-stat:2.3:::::::*

References

seclists.org/lists/vuln-dev/2002/Mar/0156.html

securitytracker.com/id?1003827

www.ifrance.com/kitetoua/tuto/x_holes.txt

www.securityfocus.com/bid/4279

www.securityfocus.com/bid/4280

exchange.xforce.ibmcloud.com/vulnerabilities/8466

exchange.xforce.ibmcloud.com/vulnerabilities/8467

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

AI Score

7.6

Confidence

Low

EPSS

0.015

Percentile

87.2%

JSON

Related for CVE-2002-2045