Lucene search

[email protected]CVE-2003-0456

HistoryAug 18, 2003 - 4:00 a.m.

CVE-2003-0456

2003-08-1804:00:00

CWE-200

[email protected]

web.nvd.nist.gov

cve-2003-0456

visnetic website

remote attackers

pathname leakage

security vulnerability

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.5 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

77.7%

JSON

VisNetic WebSite 3.5 allows remote attackers to obtain the full pathname of the server via a request containing a folder that does not exist, which leaks the pathname in an error message, as demonstrated using _vti_bin/fpcount.exe.

Affected configurations

NVD

Node

deerfieldvisnetic_websiteMatch3.5.13

deerfieldvisnetic_websiteMatch3.5.15

deerfieldvisnetic_websiteMatch3.5.17

CPENameOperatorVersion
deerfield:visnetic_websitedeerfield visnetic websiteeq3.5.13
deerfield:visnetic_websitedeerfield visnetic websiteeq3.5.15
deerfield:visnetic_websitedeerfield visnetic websiteeq3.5.17

CPE	Name	Operator	Version
deerfield:visnetic_website	deerfield visnetic website	eq	3.5.13
deerfield:visnetic_website	deerfield visnetic website	eq	3.5.15
deerfield:visnetic_website	deerfield visnetic website	eq	3.5.17

References

archives.neohapsis.com/archives/vulnwatch/2003-q3/0002.html

marc.info/?l=bugtraq&m=105733894003737&w=2

www.krusesecurity.dk/advisories/vis0103.txt

www.securityfocus.com/bid/8075

exchange.xforce.ibmcloud.com/vulnerabilities/12483

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.5 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

77.7%

JSON

Related for CVE-2003-0456

nvd1 cvelist1 openvas2 nessus1