Lucene search

[email protected]NVD:CVE-2005-4013

HistoryDec 05, 2005 - 11:03 a.m.

CVE-2005-4013

2005-12-0511:03:00

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.4

Confidence

Low

EPSS

0.011

Percentile

84.5%

JSON

PHP Web Statistik 1.4 stores the stat.cfg file under the web root with insufficient access control, which allows remote attackers to obtain sensitive information such as statistics and the log directory location, possibly including the logdb.dta file.

Affected configurations

Nvd

Node

php_webstatistikMatch1.4

VendorProductVersionCPE
php_webstatistik1.4cpe:2.3:a:php_web:statistik:1.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
php_web	statistik	1.4	cpe:2.3:a:php_web:statistik:1.4:::::::*

References

cert.uni-stuttgart.de/archive/bugtraq/2005/11/msg00325.html

freewebstat.com/changelog-english.html

secunia.com/advisories/17789

www.osvdb.org/21209

www.osvdb.org/21210

www.ush.it/2005/11/19/php-web-statistik/

www.vupen.com/english/advisories/2005/2645

exchange.xforce.ibmcloud.com/vulnerabilities/23382

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.4

Confidence

Low

EPSS

0.011

Percentile

84.5%

JSON

Related for NVD:CVE-2005-4013

cvelist1 cve1