Lucene search

MitreCVE-2010-2859

HistoryJul 25, 2010 - 2:04 a.m.

CVE-2010-2859

2010-07-2502:04:14

CWE-200

mitre

web.nvd.nist.gov

cve-2010-2859

simpnews

news.php

vulnerability

remote attackers

sensitive information

installation path

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.4

Confidence

Low

EPSS

0.003

Percentile

71.4%

JSON

news.php in SimpNews 2.47.3 and earlier allows remote attackers to obtain sensitive information via an invalid lang parameter, which reveals the installation path in an error message.

Affected configurations

Nvd

Node

boesch-itsimpnewsRange≤2.47.03

boesch-itsimpnewsMatch2.0.1

boesch-itsimpnewsMatch2.13

boesch-itsimpnewsMatch2.30

boesch-itsimpnewsMatch2.30.2

boesch-itsimpnewsMatch2.30.6

boesch-itsimpnewsMatch2.31.0

boesch-itsimpnewsMatch2.32.0

boesch-itsimpnewsMatch2.32.1

boesch-itsimpnewsMatch2.33.0

boesch-itsimpnewsMatch2.33.01

boesch-itsimpnewsMatch2.34

boesch-itsimpnewsMatch2.34.0

boesch-itsimpnewsMatch2.34.01

boesch-itsimpnewsMatch2.35.00

boesch-itsimpnewsMatch2.36.00

boesch-itsimpnewsMatch2.37.00

boesch-itsimpnewsMatch2.37.01

boesch-itsimpnewsMatch2.37.02

boesch-itsimpnewsMatch2.38

boesch-itsimpnewsMatch2.38.02

boesch-itsimpnewsMatch2.38.03

boesch-itsimpnewsMatch2.38.04

boesch-itsimpnewsMatch2.39.0

boesch-itsimpnewsMatch2.40.01

boesch-itsimpnewsMatch2.41.0

boesch-itsimpnewsMatch2.41.02

boesch-itsimpnewsMatch2.41.03

boesch-itsimpnewsMatch2.42.0

boesch-itsimpnewsMatch2.42.01

boesch-itsimpnewsMatch2.44.00

boesch-itsimpnewsMatch2.47.00

VendorProductVersionCPE
boesch-itsimpnews*cpe:2.3:a:boesch-it:simpnews:*:*:*:*:*:*:*:*
boesch-itsimpnews2.0.1cpe:2.3:a:boesch-it:simpnews:2.0.1:*:*:*:*:*:*:*
boesch-itsimpnews2.13cpe:2.3:a:boesch-it:simpnews:2.13:*:*:*:*:*:*:*
boesch-itsimpnews2.30cpe:2.3:a:boesch-it:simpnews:2.30:*:*:*:*:*:*:*
boesch-itsimpnews2.30.2cpe:2.3:a:boesch-it:simpnews:2.30.2:*:*:*:*:*:*:*
boesch-itsimpnews2.30.6cpe:2.3:a:boesch-it:simpnews:2.30.6:*:*:*:*:*:*:*
boesch-itsimpnews2.31.0cpe:2.3:a:boesch-it:simpnews:2.31.0:*:*:*:*:*:*:*
boesch-itsimpnews2.32.0cpe:2.3:a:boesch-it:simpnews:2.32.0:*:*:*:*:*:*:*
boesch-itsimpnews2.32.1cpe:2.3:a:boesch-it:simpnews:2.32.1:*:*:*:*:*:*:*
boesch-itsimpnews2.33.0cpe:2.3:a:boesch-it:simpnews:2.33.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
boesch-it	simpnews	*	cpe:2.3:a:boesch-it:simpnews::::::::
boesch-it	simpnews	2.0.1	cpe:2.3:a:boesch-it:simpnews:2.0.1:::::::*
boesch-it	simpnews	2.13	cpe:2.3:a:boesch-it:simpnews:2.13:::::::*
boesch-it	simpnews	2.30	cpe:2.3:a:boesch-it:simpnews:2.30:::::::*
boesch-it	simpnews	2.30.2	cpe:2.3:a:boesch-it:simpnews:2.30.2:::::::*
boesch-it	simpnews	2.30.6	cpe:2.3:a:boesch-it:simpnews:2.30.6:::::::*
boesch-it	simpnews	2.31.0	cpe:2.3:a:boesch-it:simpnews:2.31.0:::::::*
boesch-it	simpnews	2.32.0	cpe:2.3:a:boesch-it:simpnews:2.32.0:::::::*
boesch-it	simpnews	2.32.1	cpe:2.3:a:boesch-it:simpnews:2.32.1:::::::*
boesch-it	simpnews	2.33.0	cpe:2.3:a:boesch-it:simpnews:2.33.0:::::::*

Rows per page:

1-10 of 321

References

packetstormsecurity.org/1007-exploits/simpnews-xss.txt

www.securityfocus.com/archive/1/512271/100/0/threaded

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.4

Confidence

Low

EPSS

0.003

Percentile

71.4%

JSON

Related for CVE-2010-2859