Lucene search

[email protected]CVE-2000-1166

HistoryJun 25, 2002 - 4:00 a.m.

CVE-2000-1166

2002-06-2504:00:00

[email protected]

web.nvd.nist.gov

twig webmail

security flaw

remote attack

php3 code

cve-2000-1166

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.3%

JSON

Twig webmail system does not properly set the “vhosts” variable if it is not configured on the site, which allows remote attackers to insert arbitrary PHP (PHP3) code by specifying an alternate vhosts as an argument to the index.php3 program.

Affected configurations

NVD

Node

twig_development_teamtwigMatch2.5.1

CPENameOperatorVersion
twig_development_team:twigtwig development team twigeq2.5.1

CPE	Name	Operator	Version
twig_development_team:twig	twig development team twig	eq	2.5.1

References

archives.neohapsis.com/archives/bugtraq/2000-11/0351.html

twig.screwdriver.net/file.php3?file=CHANGELOG

www.securityfocus.com/bid/1998

exchange.xforce.ibmcloud.com/vulnerabilities/5581

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.3%

JSON

Related for CVE-2000-1166

nvd1 cvelist1