Lucene search

[email protected]CVE-2003-1173

HistoryMay 10, 2005 - 4:00 a.m.

CVE-2003-1173

2005-05-1004:00:00

[email protected]

web.nvd.nist.gov

centrinity firstclass 7.1

remote attackers

sensitive information

url manipulation

security vulnerability

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.031 Low

EPSS

Percentile

91.2%

JSON

Centrinity FirstClass 7.1 allows remote attackers to access sensitive information by appending search to the end of the URL and checking all of the search option checkboxes and leaving the text field blank, which will return all files in the searched directory.

Affected configurations

NVD

Node

centrinitycentrinity_firstclassMatch7.1

References

secunia.com/advisories/10084

www.osvdb.org/2723

www.securityfocus.com/archive/1/342765

www.securityfocus.com/archive/1/342909

www.securityfocus.com/bid/8920

exchange.xforce.ibmcloud.com/vulnerabilities/13546

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.031 Low

EPSS

Percentile

91.2%

JSON

Related for CVE-2003-1173

cvelist1 nvd1