Lucene search

[email protected]CVE-2002-2045

HistoryJul 14, 2005 - 4:00 a.m.

CVE-2002-2045

2005-07-1404:00:00

[email protected]

web.nvd.nist.gov

cve-2002-2045

x-stat

php commands

remote attackers

web server:path leakage

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

7.6 High

AI Score

Confidence

Low

0.015 Low

EPSS

Percentile

87.2%

JSON

x_stat_admin.php in x-stat 2.3 and earlier allows remote attackers to (1) execute PHP commands such as phpinfo or (2) obtain the full path of the web server via an invalid action parameter, which leaks the pathname in an error message.

Affected configurations

NVD

Node

xqusx-statMatch2.2

xqusx-statMatch2.3

CPENameOperatorVersion
xqus:x-statxqus x-stateq2.2
xqus:x-statxqus x-stateq2.3

CPE	Name	Operator	Version
xqus:x-stat	xqus x-stat	eq	2.2
xqus:x-stat	xqus x-stat	eq	2.3

References

seclists.org/lists/vuln-dev/2002/Mar/0156.html

securitytracker.com/id?1003827

www.ifrance.com/kitetoua/tuto/x_holes.txt

www.securityfocus.com/bid/4279

www.securityfocus.com/bid/4280

exchange.xforce.ibmcloud.com/vulnerabilities/8466

exchange.xforce.ibmcloud.com/vulnerabilities/8467

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

7.6 High

AI Score

Confidence

Low

0.015 Low

EPSS

Percentile

87.2%

JSON

Related for CVE-2002-2045

nvd1 cvelist1