Lucene search

MitreCVE-2003-1423

HistoryOct 20, 2007 - 10:00 a.m.

CVE-2003-1423

2007-10-2010:00:00

CWE-264

mitre

web.nvd.nist.gov

cve-2003-1423

petitforum

data file

web document root

access control

remote attackers

sensitive information

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.7

Confidence

Low

EPSS

0.003

Percentile

71.1%

JSON

Petitforum stores the liste.txt data file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as e-mail addresses and encrypted passwords.

Affected configurations

Nvd

Node

linuxlinux_kernel

microsoftall_windows

unixunixMatchany_version

AND

petitforumpetitforum

VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
microsoftall_windows*cpe:2.3:o:microsoft:all_windows:*:*:*:*:*:*:*:*
unixunixany_versioncpe:2.3:o:unix:unix:any_version:*:*:*:*:*:*:*
petitforumpetitforum*cpe:2.3:a:petitforum:petitforum:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::
microsoft	all_windows	*	cpe:2.3:o:microsoft:all_windows::::::::
unix	unix	any_version	cpe:2.3:o:unix:unix:any_version:::::::*
petitforum	petitforum	*	cpe:2.3:a:petitforum:petitforum::::::::

References

securitytracker.com/id?1006117

exchange.xforce.ibmcloud.com/vulnerabilities/11358

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.7

Confidence

Low

EPSS

0.003

Percentile

71.1%

JSON

Related for CVE-2003-1423