Lucene search

MitreCVE-2005-4021

HistoryDec 05, 2005 - 11:03 a.m.

CVE-2005-4021

2005-12-0511:03:00

mitre

web.nvd.nist.gov

cve-2005-4021

gallery 2.0

installer

access control

sensitive information

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

0.006

Percentile

79.1%

JSON

The installer for Gallery 2.0 before 2.0.2 stores the install log under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information.

Affected configurations

Nvd

Node

gallery_projectgalleryMatch2.0

gallery_projectgalleryMatch2.0.1

gallery_projectgalleryMatch2.0_alpha1

gallery_projectgalleryMatch2.0_alpha2

gallery_projectgalleryMatch2.0_alpha3

gallery_projectgalleryMatch2.0_alpha4

gallery_projectgalleryMatch2.0_beta1

gallery_projectgalleryMatch2.0_beta2

gallery_projectgalleryMatch2.0_beta3

gallery_projectgalleryMatch2.0_rc1

gallery_projectgalleryMatch2.0_rc2

VendorProductVersionCPE
gallery_projectgallery2.0cpe:2.3:a:gallery_project:gallery:2.0:*:*:*:*:*:*:*
gallery_projectgallery2.0.1cpe:2.3:a:gallery_project:gallery:2.0.1:*:*:*:*:*:*:*
gallery_projectgallery2.0_alpha1cpe:2.3:a:gallery_project:gallery:2.0_alpha1:*:*:*:*:*:*:*
gallery_projectgallery2.0_alpha2cpe:2.3:a:gallery_project:gallery:2.0_alpha2:*:*:*:*:*:*:*
gallery_projectgallery2.0_alpha3cpe:2.3:a:gallery_project:gallery:2.0_alpha3:*:*:*:*:*:*:*
gallery_projectgallery2.0_alpha4cpe:2.3:a:gallery_project:gallery:2.0_alpha4:*:*:*:*:*:*:*
gallery_projectgallery2.0_beta1cpe:2.3:a:gallery_project:gallery:2.0_beta1:*:*:*:*:*:*:*
gallery_projectgallery2.0_beta2cpe:2.3:a:gallery_project:gallery:2.0_beta2:*:*:*:*:*:*:*
gallery_projectgallery2.0_beta3cpe:2.3:a:gallery_project:gallery:2.0_beta3:*:*:*:*:*:*:*
gallery_projectgallery2.0_rc1cpe:2.3:a:gallery_project:gallery:2.0_rc1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gallery_project	gallery	2.0	cpe:2.3:a:gallery_project:gallery:2.0:::::::*
gallery_project	gallery	2.0.1	cpe:2.3:a:gallery_project:gallery:2.0.1:::::::*
gallery_project	gallery	2.0_alpha1	cpe:2.3:a:gallery_project:gallery:2.0_alpha1:::::::*
gallery_project	gallery	2.0_alpha2	cpe:2.3:a:gallery_project:gallery:2.0_alpha2:::::::*
gallery_project	gallery	2.0_alpha3	cpe:2.3:a:gallery_project:gallery:2.0_alpha3:::::::*
gallery_project	gallery	2.0_alpha4	cpe:2.3:a:gallery_project:gallery:2.0_alpha4:::::::*
gallery_project	gallery	2.0_beta1	cpe:2.3:a:gallery_project:gallery:2.0_beta1:::::::*
gallery_project	gallery	2.0_beta2	cpe:2.3:a:gallery_project:gallery:2.0_beta2:::::::*
gallery_project	gallery	2.0_beta3	cpe:2.3:a:gallery_project:gallery:2.0_beta3:::::::*
gallery_project	gallery	2.0_rc1	cpe:2.3:a:gallery_project:gallery:2.0_rc1:::::::*

Rows per page:

1-10 of 111

References

www.securityfocus.com/archive/1/418200/100/0/threaded

www.securityfocus.com/bid/15614

www.vupen.com/english/advisories/2005/2681

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

0.006

Percentile

79.1%

JSON

Related for CVE-2005-4021