Lucene search

[email protected]CVE-2003-1409

HistoryOct 20, 2007 - 10:00 a.m.

CVE-2003-1409

2007-10-2010:00:00

CWE-200

[email protected]

web.nvd.nist.gov

topo

sensitive information disclosure

http request

security vulnerability

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.6 Medium

AI Score

Confidence

Low

0.016 Low

EPSS

Percentile

87.4%

JSON

TOPo 1.43 allows remote attackers to obtain sensitive information by sending an HTTP request with an invalid parameter to (1) in.php or (2) out.php, which reveals the path to the TOPo directory in the error message.

Affected configurations

NVD

Node

ej3topoMatch1.43

CPENameOperatorVersion
ej3:topoej3 topoeq1.43

CPE	Name	Operator	Version
ej3:topo	ej3 topo	eq	1.43

References

archives.neohapsis.com/archives/bugtraq/2003-02/0049.html

secunia.com/advisories/8008

www.securityfocus.com/bid/6768

exchange.xforce.ibmcloud.com/vulnerabilities/11248

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.6 Medium

AI Score

Confidence

Low

0.016 Low

EPSS

Percentile

87.4%

JSON

Related for CVE-2003-1409

nvd1 cvelist1