Lucene search

[email protected]CVE-2005-4147

HistoryDec 10, 2005 - 11:03 a.m.

CVE-2005-4147

2005-12-1011:03:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-4147

lyris listmanager

tclhttpd

remote attack

source code disclosure

7.4 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

75.4%

JSON

The TCLHTTPd service in Lyris ListManager before 8.9b allows remote attackers to obtain source code for arbitrary .tml (TCL) files via (1) a request with a trailing null byte (%00), which might also require (2) an authentication bypass step that involves a username with a trailing “@” characters.

CPENameOperatorVersion
lyris_technologies_inc:listmanagerlyris technologies inc listmanagereq5.0
lyris_technologies_inc:listmanagerlyris technologies inc listmanagereq8.0
lyris_technologies_inc:listmanagerlyris technologies inc listmanagereq8.8a
lyris_technologies_inc:listmanagerlyris technologies inc listmanagereq6.0
lyris_technologies_inc:listmanagerlyris technologies inc listmanagereq7.0

CPE	Name	Operator	Version
lyris_technologies_inc:listmanager	lyris technologies inc listmanager	eq	5.0
lyris_technologies_inc:listmanager	lyris technologies inc listmanager	eq	8.0
lyris_technologies_inc:listmanager	lyris technologies inc listmanager	eq	8.8a
lyris_technologies_inc:listmanager	lyris technologies inc listmanager	eq	6.0
lyris_technologies_inc:listmanager	lyris technologies inc listmanager	eq	7.0

References

archives.neohapsis.com/archives/fulldisclosure/2005-12/0349.html

metasploit.com/research/vulns/lyris_listmanager/

secunia.com/advisories/17943

www.osvdb.org/21551

www.osvdb.org/21573

www.securityfocus.com/archive/1/419077/100/0/threaded

www.securityfocus.com/bid/15788

www.vupen.com/english/advisories/2005/2820

7.4 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

75.4%

JSON

Related for CVE-2005-4147

nessus1