Lucene search

[email protected]CVE-2007-0543

HistoryJan 29, 2007 - 5:28 p.m.

CVE-2007-0543

2007-01-2917:28:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-0543

zixforum

sensitive information

access control

remote attackers

passwords

6.6 Medium

AI Score

Confidence

Low

9.4 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:C/A:N

0.006 Low

EPSS

Percentile

78.5%

JSON

ZixForum 1.14 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for Zixforum.mdb. NOTE: a followup post suggests that this issue only occurs if the administrator does not properly follow installation directions.

CPENameOperatorVersion
zixforum:zixforumzixforumle1.14

CPE	Name	Operator	Version
zixforum:zixforum	zixforum	le	1.14

References

securityreason.com/securityalert/2189

www.securityfocus.com/archive/1/457950/100/0/threaded

www.securityfocus.com/archive/1/458135/100/100/threaded

6.6 Medium

AI Score

Confidence

Low

9.4 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:C/A:N

0.006 Low

EPSS

Percentile

78.5%

JSON

Related for CVE-2007-0543

nessus1 cvelist1 prion1 securityvulns1