Lucene search

[email protected]CVE-2004-0351

HistoryNov 23, 2004 - 5:00 a.m.

CVE-2004-0351

2004-11-2305:00:00

[email protected]

web.nvd.nist.gov

spider sales

shopping cart

vulnerability

private key

public key

data decryption

nvd

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Spider Sales shopping cart stores the private key in the same database and table as the public key, which allows local users with access to the database to decrypt data.

Affected configurations

NVD

Node

spidersalesspidersalesMatch2.0

CPENameOperatorVersion
spidersales:spidersalesspidersaleseq2.0

CPE	Name	Operator	Version
spidersales:spidersales	spidersales	eq	2.0

References

lists.grok.org.uk/pipermail/full-disclosure/2004-March/018177.html

marc.info/?l=bugtraq&m=107833097705486&w=2

www.securityfocus.com/bid/9799

exchange.xforce.ibmcloud.com/vulnerabilities/15370

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2004-0351

nvd1 cvelist1