Lucene search

[email protected]CVE-2005-4384

HistoryDec 20, 2005 - 2:03 a.m.

CVE-2005-4384

2005-12-2002:03:00

[email protected]

web.nvd.nist.gov

citysoft

community enterprise

vulnerability

path disclosure

remote attack

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

7 High

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.5%

JSON

CitySoft Community Enterprise 4.x allows remote attackers to obtain the full path of the server via an invalid (1) fuseaction parameter to index.cfm and (2) documentid parameter to document/docWindow.cfm.

Affected configurations

NVD

Node

citysoftcommunity_enterpriseMatch4.x

CPENameOperatorVersion
citysoft:community_enterprisecitysoft community enterpriseeq4.x

CPE	Name	Operator	Version
citysoft:community_enterprise	citysoft community enterprise	eq	4.x

References

pridels0.blogspot.com/2005/12/community-enterprise-4x-multiple-vuln.html

secunia.com/advisories/18145

www.osvdb.org/21857

www.osvdb.org/21858

exchange.xforce.ibmcloud.com/vulnerabilities/23822

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

7 High

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.5%

JSON

Related for CVE-2005-4384

cvelist1 nvd1