Lucene search

[email protected]CVE-2006-0756

HistoryFeb 18, 2006 - 2:02 a.m.

CVE-2006-0756

2006-02-1802:02:00

[email protected]

web.nvd.nist.gov

cve-2006-0756

dotproject

phpinfo.php

check.php

remote attackers

sensitive information

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.5 Medium

AI Score

Confidence

Low

0.027 Low

EPSS

Percentile

90.6%

JSON

dotProject 2.0.1 and earlier leaves (1) phpinfo.php and (2) check.php accessible under the /docs/ directory after installation, which allows remote attackers to obtain sensitive configuration information. NOTE: the vendor disputes this issue, saying that it could only occur if the administrator ignores the installation instructions as well as warnings generated by check.php

Affected configurations

NVD

Node

dotprojectdotprojectMatch2.0

dotprojectdotprojectMatch2.0.1

CPENameOperatorVersion
dotproject:dotprojectdotprojecteq2.0
dotproject:dotprojectdotprojecteq2.0.1

CPE	Name	Operator	Version
dotproject:dotproject	dotproject	eq	2.0
dotproject:dotproject	dotproject	eq	2.0.1

References

secunia.com/advisories/18879

securityreason.com/securityalert/434

www.osvdb.org/23207

www.osvdb.org/23208

www.securityfocus.com/archive/1/424957/100/0/threaded

www.securityfocus.com/archive/1/425285/100/0/threaded

www.securityfocus.com/bid/16648

www.vupen.com/english/advisories/2006/0604

exchange.xforce.ibmcloud.com/vulnerabilities/24745

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.5 Medium

AI Score

Confidence

Low

0.027 Low

EPSS

Percentile

90.6%

JSON

Related for CVE-2006-0756

nvd1 prion1 nessus1 cvelist1