Lucene search

[email protected]CVE-2004-0350

HistoryNov 23, 2004 - 5:00 a.m.

CVE-2004-0350

2004-11-2305:00:00

[email protected]

web.nvd.nist.gov

spidersales

shopping cart

private key

length enforcement

unauthorized access

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6.6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

SpiderSales shopping cart does not enforce a minimum length for the private key, which can make it easier for local users to obtain the private key by factoring.

Affected configurations

NVD

Node

spidersalesspidersalesMatch2.0

CPENameOperatorVersion
spidersales:spidersalesspidersaleseq2.0

CPE	Name	Operator	Version
spidersales:spidersales	spidersales	eq	2.0

References

lists.grok.org.uk/pipermail/full-disclosure/2004-March/018177.html

marc.info/?l=bugtraq&m=107833097705486&w=2

www.s-quadra.com/advisories/Adv-20040303.txt

www.securityfocus.com/bid/9799

exchange.xforce.ibmcloud.com/vulnerabilities/15370

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6.6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2004-0350

nvd1 cvelist1