Lucene search

[email protected]CVE-2007-0155

HistoryJan 09, 2007 - 6:28 p.m.

CVE-2007-0155

2007-01-0918:28:00

[email protected]

web.nvd.nist.gov

cve-2007-0155

harikaonline 2.0

sensitive information

access control

remote attackers

database

passwords

web security

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.3 Medium

AI Score

Confidence

Low

0.012 Low

EPSS

Percentile

85.0%

JSON

HarikaOnline 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for harikaonline.mdb.

Affected configurations

NVD

Node

harikaonlineharikaonlineMatch2.0

CPENameOperatorVersion
harikaonline:harikaonlineharikaonlineeq2.0

CPE	Name	Operator	Version
harikaonline:harikaonline	harikaonline	eq	2.0

References

osvdb.org/33410

securityreason.com/securityalert/2125

www.securityfocus.com/archive/1/456238/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/31339

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.3 Medium

AI Score

Confidence

Low

0.012 Low

EPSS

Percentile

85.0%

JSON

Related for CVE-2007-0155

prion1 nvd1 cvelist1 securityvulns1