Lucene search

[email protected]CVE-2005-2956

HistorySep 16, 2005 - 10:03 p.m.

CVE-2005-2956

2005-09-1622:03:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

atutor

chat logs

access control

security vulnerability

cve-2005-2956

7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.021 Low

EPSS

Percentile

89.3%

JSON

ATutor 1.5.1, and possibly earlier versions, stores temporary chat logs under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain user chat conversations via direct requests to those files.

CPENameOperatorVersion
adaptive_technology_resource_centre:atutoradaptive technology resource centre atutoreq1.5.1

CPE	Name	Operator	Version
adaptive_technology_resource_centre:atutor	adaptive technology resource centre atutor	eq	1.5.1

References

marc.info/?l=bugtraq&m=112671176100432&w=2

rgod.altervista.org/atutor151.html

securityreason.com/securityalert/9

www.securityfocus.com/bid/14832

7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.021 Low

EPSS

Percentile

89.3%

JSON

Related for CVE-2005-2956

cvelist1 cve1