Lucene search

MitreCVE-2004-1572

HistoryFeb 20, 2005 - 5:00 a.m.

CVE-2004-1572

2005-02-2005:00:00

mitre

web.nvd.nist.gov

aj-fork

directory access

vulnerability

remote attackers

http request

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

Confidence

Low

EPSS

0.008

Percentile

81.3%

JSON

AJ-Fork 167 does not restrict access to directories such as (1) data, (2) inc, (3) plugins, (4) skins, or (5) tools, which allows remote attackers to list files in those directories via a direct HTTP request.

Affected configurations

Nvd

Node

aj-forkaj-forkMatch167

VendorProductVersionCPE
aj-forkaj-fork167cpe:2.3:a:aj-fork:aj-fork:167:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
aj-fork	aj-fork	167	cpe:2.3:a:aj-fork:aj-fork:167:::::::*

References

echo.or.id/adv/adv07-y3dips-2004.txt

marc.info/?l=bugtraq&m=109664986210763&w=2

securitytracker.com/id?1011484

www.securityfocus.com/bid/11301

exchange.xforce.ibmcloud.com/vulnerabilities/17569

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

Confidence

Low

EPSS

0.008

Percentile

81.3%

JSON

Related for CVE-2004-1572