Lucene search

[email protected]CVE-2008-4164

HistorySep 22, 2008 - 6:52 p.m.

CVE-2008-4164

2008-09-2218:52:13

CWE-200

[email protected]

web.nvd.nist.gov

cve-2008-4164

memht portal

information disclosure

security vulnerability

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

6.1 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.7%

JSON

cron.php in MemHT Portal 3.9.0 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.

Affected configurations

NVD

Node

memhtmemht_portalRange≤3.9.0

memhtmemht_portalMatch3.1

memhtmemht_portalMatch3.4

memhtmemht_portalMatch3.4.5

memhtmemht_portalMatch3.6.0

memhtmemht_portalMatch3.8.5

CPENameOperatorVersion
memht:memht_portalmemht memht portalle3.9.0
memht:memht_portalmemht memht portaleq3.1
memht:memht_portalmemht memht portaleq3.4
memht:memht_portalmemht memht portaleq3.4.5
memht:memht_portalmemht memht portaleq3.6.0
memht:memht_portalmemht memht portaleq3.8.5

CPE	Name	Operator	Version
memht:memht_portal	memht memht portal	le	3.9.0
memht:memht_portal	memht memht portal	eq	3.1
memht:memht_portal	memht memht portal	eq	3.4
memht:memht_portal	memht memht portal	eq	3.4.5
memht:memht_portal	memht memht portal	eq	3.6.0
memht:memht_portal	memht memht portal	eq	3.8.5

References

securityreason.com/securityalert/4288

exchange.xforce.ibmcloud.com/vulnerabilities/45413

www.exploit-db.com/exploits/6393

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

6.1 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.7%

JSON

Related for CVE-2008-4164

cvelist1 nvd1 prion1