Lucene search

[email protected]CVE-2003-1404

HistoryOct 20, 2007 - 10:00 a.m.

CVE-2003-1404

2007-10-2010:00:00

CWE-200

[email protected]

web.nvd.nist.gov

cve-2003-1404

dotbr 0.1

access control

information disclosure

sql injection

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

83.2%

JSON

DotBr 0.1 stores config.inc with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information such as SQL usernames and passwords.

Affected configurations

NVD

Node

dotbrbotbrMatch0.1

CPENameOperatorVersion
dotbr:botbrdotbr botbreq0.1

CPE	Name	Operator	Version
dotbr:botbr	dotbr botbr	eq	0.1

References

archives.neohapsis.com/archives/vulnwatch/2003-q1/0070.html

www.osvdb.org/5092

www.securityfocus.com/bid/6865

exchange.xforce.ibmcloud.com/vulnerabilities/11354

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

83.2%

JSON

Related for CVE-2003-1404

cvelist1 nvd1