Lucene search

[email protected]CVE-2005-3766

HistoryNov 22, 2005 - 11:03 p.m.

CVE-2005-3766

2005-11-2223:03:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

exponent cms

sensitive user pages

access vulnerability

cve-2005-3766

nvd

6.7 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

71.0%

JSON

Exponent CMS 0.96.3 and later versions stores sensitive user pages under the web document root with insufficient access control even though certain permissions are specified, which allows attackers to access the pages by browsing uploaded files.

CPENameOperatorVersion
exponent:exponentexponenteq0.94
exponent:exponentexponenteq0.96.3
exponent:exponentexponenteq0.96.1
exponent:exponentexponenteq0.95
exponent:exponentexponenteq0.96.4

CPE	Name	Operator	Version
exponent:exponent	exponent	eq	0.94
exponent:exponent	exponent	eq	0.96.3
exponent:exponent	exponent	eq	0.96.1
exponent:exponent	exponent	eq	0.95
exponent:exponent	exponent	eq	0.96.4

References

secunia.com/advisories/17505

secunia.com/advisories/17655

www.securityfocus.com/archive/1/417218

6.7 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

71.0%

JSON

Related for CVE-2005-3766

nessus1