Lucene search

[email protected]CVE-2003-1571

HistoryApr 02, 2009 - 3:30 p.m.

CVE-2003-1571

2009-04-0215:30:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2003-1571

web wiz guestbook 6.0

sensitive information

access control

remote attackers

database exposure

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.5 Medium

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.9%

JSON

Web Wiz Guestbook 6.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database and obtain sensitive information via a direct request for database/WWGguestbook.mdb. NOTE: it was later reported that 8.21 is also affected.

Affected configurations

NVD

Node

webwizguideweb_wiz_guestbookMatch6.0

webwizguideweb_wiz_guestbookMatch8.21

CPENameOperatorVersion
webwizguide:web_wiz_guestbookwebwizguide web wiz guestbookeq6.0
webwizguide:web_wiz_guestbookwebwizguide web wiz guestbookeq8.21

CPE	Name	Operator	Version
webwizguide:web_wiz_guestbook	webwizguide web wiz guestbook	eq	6.0
webwizguide:web_wiz_guestbook	webwizguide web wiz guestbook	eq	8.21

References

secunia.com/advisories/9639

www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=25863

www.osvdb.org/2492

www.exploit-db.com/exploits/7488

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.5 Medium

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.9%

JSON

Related for CVE-2003-1571

cvelist1 nvd1