Lucene search

FreeBSD6DD5E45C-F084-11E1-8D0F-406186F3D89D

HistoryMar 29, 2012 - 12:00 a.m.

coppermine -- Multiple vulnerabilities

2012-03-2900:00:00

vuxml.freebsd.org

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

61.4%

JSON

The Coppermine Team reports:

The release covers several path disclosure vulnerabilities. If
unpatched, it’s possible to generate an error that will reveal the
full path of the script. A remote user can determine the full path
to the web root directory and other potentially sensitive
information. Furthermore, the release covers a recently discovered
XSS vulnerability that allows (if unpatched) a malevolent visitor to
include own script routines under certain conditions.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchcoppermine< 1.5.20UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	coppermine	< 1.5.20	UNKNOWN

References

forum.coppermine-gallery.net/index.php/topic,74682.0.html

seclists.org/oss-sec/2012/q2/11

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

61.4%

JSON

Related for 6DD5E45C-F084-11E1-8D0F-406186F3D89D