Lucene search

[email protected]CVE-2005-1148

HistoryMay 02, 2005 - 4:00 a.m.

CVE-2005-1148

2005-05-0204:00:00

[email protected]

web.nvd.nist.gov

calendar.pl

calendarscript 3.21

remote attackers

sensitive information

invalid parameters

security vulnerability

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.6 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

75.3%

JSON

calendar.pl in CalendarScript 3.21 allows remote attackers to obtain sensitive information via invalid (1) year or (2) month parameters, which leaks the full pathname and debug information.

Affected configurations

NVD

Node

calendarscriptcalendarscriptMatch3.20

calendarscriptcalendarscriptMatch3.21

CPENameOperatorVersion
calendarscript:calendarscriptcalendarscripteq3.20
calendarscript:calendarscriptcalendarscripteq3.21

CPE	Name	Operator	Version
calendarscript:calendarscript	calendarscript	eq	3.20
calendarscript:calendarscript	calendarscript	eq	3.21

References

securitytracker.com/id?1013705

www.snkenjoi.com/secadv/secadv3.txt

exchange.xforce.ibmcloud.com/vulnerabilities/20102

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.6 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

75.3%

JSON

Related for CVE-2005-1148

nvd1 cvelist1