Lucene search

[email protected]CVE-2005-4026

HistoryDec 05, 2005 - 11:03 a.m.

CVE-2005-4026

2005-12-0511:03:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

2005-4026

geeklog

information disclosure

web server path

security vulnerability

7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.006 Low

EPSS

Percentile

78.3%

JSON

search.php in Geeklog 1.4.x before 1.4.0rc1, and 1.3.x before 1.3.11sr3, allows remote attackers to obtain sensitive information via invalid (1) datestart and (2) dateend parameters, which leaks the web server path in an error message.

CPENameOperatorVersion
geeklog:geekloggeeklogeq1.4.0
geeklog:geekloggeeklogle1.3.11

CPE	Name	Operator	Version
geeklog:geeklog	geeklog	eq	1.4.0
geeklog:geeklog	geeklog	le	1.3.11

References

pridels0.blogspot.com/2005/11/geeklog-14x-full-path-disclosure-vuln.html

www.geeklog.net/article.php/geeklog-1.3.11sr3

www.osvdb.org/21398

7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.006 Low

EPSS

Percentile

78.3%

JSON