Lucene search

[email protected]CVE-2004-2733

HistoryOct 09, 2007 - 10:00 a.m.

CVE-2004-2733

2007-10-0910:00:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2004-2733

web wiz forums

remote attackers

user privileges

security vulnerability

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.017 Low

EPSS

Percentile

88.0%

JSON

Web Wiz Forums 7.7a uses invalid logic to determine user privileges, which allows remote attackers to (1) block arbitrary IP addresses via pop_up_ip_blocking.asp or (2) modify topics via pop_up_topic_admin.asp.

Affected configurations

NVD

Node

webwizweb_wiz_forumsMatch7.7a

CPENameOperatorVersion
webwiz:web_wiz_forumswebwiz web wiz forumseq7.7

CPE	Name	Operator	Version
webwiz:web_wiz_forums	webwiz web wiz forums	eq	7.7

References

archives.neohapsis.com/archives/fulldisclosure/2004-04/1119.html

secunia.com/advisories/11525

securitytracker.com/id?1010012

www.osvdb.org/5750

www.osvdb.org/5751

www.securityfocus.com/bid/10255

exchange.xforce.ibmcloud.com/vulnerabilities/16030

exchange.xforce.ibmcloud.com/vulnerabilities/16031

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.017 Low

EPSS

Percentile

88.0%

JSON

Related for CVE-2004-2733

cvelist1 nvd1