Lucene search

[email protected]CVE-2004-1990

HistoryMay 10, 2005 - 4:00 a.m.

CVE-2004-1990

2005-05-1004:00:00

[email protected]

web.nvd.nist.gov

cve-2004-1990

aldo's web server

aweb

remote attackers

sensitive information disclosure

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.1 High

AI Score

Confidence

High

0.038 Low

EPSS

Percentile

91.9%

JSON

Aldo’s Web Server (aweb) 1.5 allows remote attackers to gain sensitive information via an arbitrary character, which reveals the full path and the user running the aweb process, possibly due to a malformed request.

Affected configurations

NVD

Node

aldo_vargasaldos_web_serverMatch1.5

CPENameOperatorVersion
aldo_vargas:aldos_web_serveraldo vargas aldos web servereq1.5

CPE	Name	Operator	Version
aldo_vargas:aldos_web_server	aldo vargas aldos web server	eq	1.5

References

marc.info/?l=bugtraq&m=108360629031227&w=2

secunia.com/advisories/11542

www.oliverkarow.de/research/AldosWebserverMultipleVulns.txt

www.osvdb.org/5880

www.securityfocus.com/bid/10262

exchange.xforce.ibmcloud.com/vulnerabilities/16047

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.1 High

AI Score

Confidence

High

0.038 Low

EPSS

Percentile

91.9%

JSON

Related for CVE-2004-1990

cvelist1 nvd1