Lucene search

[email protected]CVE-2002-0445

HistorySep 01, 2004 - 4:00 a.m.

CVE-2002-0445

2004-09-0104:00:00

[email protected]

web.nvd.nist.gov

cve-2002-0445

php firstpost 0.1

server pathname leak

remote attacker

error message

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.1 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.4%

JSON

article.php in PHP FirstPost 0.1 allows allows remote attackers to obtain the full pathname of the server via an invalid post number in the post parameter, which leaks the pathname in an error message.

Affected configurations

NVD

Node

php_firstpostphp_firstpostMatch0.1

CPENameOperatorVersion
php_firstpost:php_firstpostphp firstposteq0.1

CPE	Name	Operator	Version
php_firstpost:php_firstpost	php firstpost	eq	0.1

References

www.iss.net/security_center/static/8434.php

www.osvdb.org/7170

www.securityfocus.com/archive/1/261337

www.securityfocus.com/bid/4274

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.1 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.4%

JSON

Related for CVE-2002-0445

cvelist1 nvd1