Lucene search

MitreCVE-2007-5128

HistorySep 27, 2007 - 7:17 p.m.

CVE-2007-5128

2007-09-2719:17:00

CWE-20

mitre

web.nvd.nist.gov

simpnews

windows

cve-2007-5128

php 5.0.0

remote attackers

sensitive information

unsupported argument type

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.3

Confidence

Low

EPSS

0.006

Percentile

78.9%

JSON

SimpNews 2.41.03 on Windows, when PHP before 5.0.0 is used, allows remote attackers to obtain sensitive information via an certain link_date parameter to events.php, which reveals the path in an error message due to an unsupported argument type for the mktime function on Windows.

Affected configurations

Nvd

Node

boesch-itsimpnewsMatch2.41.03

phpphpRange≤5.0.0

VendorProductVersionCPE
boesch-itsimpnews2.41.03cpe:2.3:a:boesch-it:simpnews:2.41.03:*:*:*:*:*:*:*
phpphp*cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
boesch-it	simpnews	2.41.03	cpe:2.3:a:boesch-it:simpnews:2.41.03:::::::*
php	php	*	cpe:2.3:a:php:php::::::::

References

forum.boesch-it.de/viewtopic.php?t=2791

securityreason.com/securityalert/3174

www.netvigilance.com/advisory0068

www.securityfocus.com/archive/1/480588/100/0/threaded

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.3

Confidence

Low

EPSS

0.006

Percentile

78.9%

JSON

Related for CVE-2007-5128