Lucene search

[email protected]CVE-2007-4861

HistoryOct 30, 2007 - 9:46 p.m.

CVE-2007-4861

2007-10-3021:46:00

CWE-200

[email protected]

web.nvd.nist.gov

cve-2007-4861

saxon 5.4

display_errors

sensitive information exposure

remote attackers

news.php

admin/edit-item.php

error messages

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

82.2%

JSON

SAXON 5.4, with display_errors enabled, allows remote attackers to obtain sensitive information via (1) a direct request for news.php, (2) an invalid use of a newsid array parameter to admin/edit-item.php, and possibly unspecified vectors related to additional scripts in (3) admin/, (4) rss/, and (5) the root directory of the installation, which reveal the path in various error messages.

Affected configurations

NVD

Node

quirmsaxonMatch5.4

CPENameOperatorVersion
quirm:saxonquirm saxoneq5.4

CPE	Name	Operator	Version
quirm:saxon	quirm saxon	eq	5.4

References

osvdb.org/45330

osvdb.org/45331

osvdb.org/45332

osvdb.org/45333

osvdb.org/45334

securityreason.com/securityalert/3311

www.netvigilance.com/advisory0053

www.quirm.net/punbb/viewtopic.php?id=129

www.securityfocus.com/archive/1/482930/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/38138

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

82.2%

JSON

Related for CVE-2007-4861

prion1 nvd1 securityvulns2 cvelist1