Lucene search

[email protected]NVD:CVE-2012-3354

HistoryNov 20, 2012 - 12:55 a.m.

CVE-2012-3354

2012-11-2000:55:00

CWE-200

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.1 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

77.8%

JSON

doku.php in DokuWiki, as used in Fedora 16, 17, and 18, when certain PHP error levels are set, allows remote attackers to obtain sensitive information via the prefix parameter, which reveals the installation path in an error message.

Affected configurations

NVD

Node

dokuwikidokuwikiMatch-

fedoraprojectfedoraMatch16

fedoraprojectfedoraMatch17

fedoraprojectfedoraMatch18

References

lists.fedoraproject.org/pipermail/package-announce/2012-October/090755.html

lists.fedoraproject.org/pipermail/package-announce/2012-October/090899.html

lists.fedoraproject.org/pipermail/package-announce/2012-October/090938.html

www.freelists.org/post/dokuwiki/Fwd-DokuWiki-Full-path-disclosure

www.mandriva.com/security/advisories?name=MDVSA-2013:073

www.openwall.com/lists/oss-security/2012/06/24/2

www.openwall.com/lists/oss-security/2012/06/25/2

bugzilla.redhat.com/show_bug.cgi?id=835145

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.1 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

77.8%

JSON

Related for NVD:CVE-2012-3354

cvelist1 debiancve1 prion1 cve1 ubuntucve1 nessus4 openvas4 fedora3