Lucene search

[email protected]CVE-2004-2347

HistoryDec 31, 2004 - 5:00 a.m.

CVE-2004-2347

2004-12-3105:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2004-2347

leif m. wright web blog

remote execution

shell metacharacters

security vulnerability

7.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.084 Low

EPSS

Percentile

94.3%

JSON

blog.cgi in Leif M. Wright Web Blog 1.1 and 1.1.5 allows remote attackers to execute arbitrary commands via shell metacharacters such as ‘|’ in the file parameter of ViewFile requests.

CPENameOperatorVersion
leif_m._wright:web_blogleif m. wright web blogeq1.1.5
leif_m._wright:web_blogleif m. wright web blogeq1.1

CPE	Name	Operator	Version
leif_m._wright:web_blog	leif m. wright web blog	eq	1.1.5
leif_m._wright:web_blog	leif m. wright web blog	eq	1.1

References

leifwright.com/scripts/Blog.html

secunia.com/advisories/10776/

www.osvdb.org/3793

www.securityfocus.com/archive/1/352303

www.securityfocus.com/bid/9539

exchange.xforce.ibmcloud.com/vulnerabilities/15019

7.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.084 Low

EPSS

Percentile

94.3%

JSON

Related for CVE-2004-2347

nessus1 cve1