ID CVE-2007-0543
Type cve
Reporter cve@mitre.org
Modified 2018-10-16T16:33:00
Description
ZixForum 1.14 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for Zixforum.mdb. NOTE: a follow-up post suggests that this issue only occurs if the administrator does not properly follow the installation directions.
{"id": "CVE-2007-0543", "bulletinFamily": "NVD", "title": "CVE-2007-0543", "description": "ZixForum 1.14 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for Zixforum.mdb. NOTE: a followup post suggests that this issue only occurs if the administrator does not properly follow installation directions.", "published": "2007-01-29T17:28:00", "modified": "2018-10-16T16:33:00", "cvss": {"score": 9.4, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0543", "reporter": "cve@mitre.org", "references": ["http://www.securityfocus.com/archive/1/458135/100/100/threaded", "http://securityreason.com/securityalert/2189", "http://www.securityfocus.com/archive/1/457950/100/0/threaded"], "cvelist": ["CVE-2007-0543"], "type": "cve", "lastseen": "2019-05-29T18:08:58", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "37d432cd52c42a8527b9b05fcf08765c"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpe23", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvelist", "hash": "11f40d296227481c4da85da4198e1fbb"}, {"key": "cvss", "hash": "3c451d288d1fdcf1a9d61bfb621d777c"}, {"key": "cvss2", "hash": "762d6f6e465714cfc935b8893e4a0a84"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "78a7a5cbaf09985c14389298e454e7db"}, {"key": "description", "hash": "95b7b68ea10554137be9d38b2a16f3e8"}, {"key": "href", "hash": "cfa5d70f51bc9fa3b2d32eb65d43012c"}, {"key": "modified", "hash": "5feea0c53b4b8f8e48cfd295809d3128"}, {"key": "published", "hash": "01cabeddfc6d4bf410086f8c4b677eec"}, {"key": "references", "hash": "fe57a9dbf7f7b3d5a9e8be6fe0d59118"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": 
"617e7669e3a109393dd4b37a99847d18"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "cd75bbe2924eb33a9d2eb1c2b50366cd2010d007bcfa11298e9a1c836d0a655d", "viewCount": 0, "enchantments": {"score": {"value": 5.9, "vector": "NONE", "modified": "2019-05-29T18:08:58"}, "dependencies": {"references": [{"type": "osvdb", "idList": ["OSVDB:9108"]}, {"type": "nessus", "idList": ["ZIXFORUM_DATABASE_DISCLOSURE.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:7090"]}], "modified": "2019-05-29T18:08:58"}, "vulnersScore": 5.9}, "objectVersion": "1.3", "cpe": [], "affectedSoftware": [{"name": "zixforum zixforum", "operator": "le", "version": "1.14"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 9.4, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 9.2, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cpe23": [], "cwe": ["NVD-CWE-Other"]}
{"osvdb": [{"lastseen": "2017-04-28T13:20:04", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nVendor URL: http://www.john.mypc.nu/Zix\nSecurity Tracker: 1010994\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-01/0547.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-01/0601.html\nISS X-Force ID: 17050\n[CVE-2007-0543](https://vulners.com/cve/CVE-2007-0543)\n", "modified": "2004-08-19T00:00:00", "published": "2004-08-19T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:9108", "id": "OSVDB:9108", "title": "ZixForum Forum ZixForum.mdb Direct Request Database Disclosure", "type": "osvdb", "cvss": {"score": 9.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:NONE/"}}], "nessus": [{"lastseen": "2019-11-03T12:38:51", "bulletinFamily": "scanner", "description": "The remote server is running ZixForum, a set of ASP scripts for a\nweb-based forum. \n\nThis program uses a database named ", "modified": "2019-11-02T00:00:00", "id": "ZIXFORUM_DATABASE_DISCLOSURE.NASL", "href": "https://www.tenable.com/plugins/nessus/14325", "published": "2004-08-22T00:00:00", "title": "ZixForum ZixForum.mdb DIrect Request Database Disclosure", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(14325);\n script_version (\"1.12\");\n script_bugtraq_id(10982);\n script_cve_id(\"CVE-2007-0543\");\n\n script_name(english:\"ZixForum ZixForum.mdb DIrect Request Database Disclosure\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains an ASP application that allows for\ninformation disclosure.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote server is running ZixForum, a set of ASP scripts for a\nweb-based forum. \n\nThis program uses a database named 'ZixForum.mdb' that can be\ndownloaded by any client. 
This database contains discussions, account\ninformation, etc.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Prevent the download of .mdb files from the remote website.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/08/22\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2004/08/19\");\n script_cvs_date(\"Date: 2018/08/07 16:46:50\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_end_attributes();\n\n \n summary[\"english\"] = \"Checks for ZixForum.mdb\";\n \n script_summary(english:summary[\"english\"]);\n \n script_category(ACT_GATHER_INFO);\n \n \n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n script_family(english:\"CGI abuses\");\n script_dependencie(\"http_version.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\n\nport = get_http_port(default:80, embedded: 0);\n\nif (thorough_tests) dirs = list_uniq(make_list(\"/zixforum\", \"/forum\", cgi_dirs()));\nelse dirs = make_list(cgi_dirs());\n\nforeach d ( dirs )\n{\n url = string(d, \"/news.mdb\");\n r = http_send_recv3(method: \"GET\", item:url, port:port);\n if (isnull(r)) exit(0);\n \n if(\"Standard Jet DB\" >< r[2])\n {\n report = string(\n \"\\n\",\n \"The database is accessible via the following URL :\\n\",\n \"\\n\",\n \" \", build_url(port:port, qs:url), \"\\n\"\n );\n security_warning(port:port, extra:report);\n exit(0);\n }\n}\n", "cvss": {"score": 9.4, "vector": 
"AV:N/AC:L/Au:N/C:C/I:C/A:N"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:22", "bulletinFamily": "software", "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "modified": "2007-01-24T00:00:00", "published": "2007-01-24T00:00:00", "id": "SECURITYVULNS:VULN:7090", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7090", "title": "Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}