Lucene search

[email protected]CVE-2005-0855

HistoryMay 02, 2005 - 4:00 a.m.

CVE-2005-0855

2005-05-0204:00:00

[email protected]

web.nvd.nist.gov

cve

2005

0855

coolforum

beta

path information

php

error message

security vulnerability

remote attack

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

75.2%

JSON

CoolForum 0.8.1 beta and earlier allows remote attackers to obtain sensitive path information via direct requests to (1) entete.php, (2) profile_accueil.php, (3) profile_mdp.php, (4) profile_notify.php, (5) profile_options.php, (6) profile_perso.php, (7) profile_pm.php, or (8) readannonce.php, which leaks the full pathname in a PHP error message.

Affected configurations

NVD

Node

coolforumcoolforumRange≤0.8.1_beta

CPENameOperatorVersion
coolforum:coolforumcoolforumle0.8.1_beta

CPE	Name	Operator	Version
coolforum:coolforum	coolforum	le	0.8.1_beta

References

seclists.org/lists/bugtraq/2005/Mar/0358.html

securitytracker.com/id?1013474

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

75.2%

JSON

Related for CVE-2005-0855

cvelist1 nvd1