Lucene search

[email protected]CVE-2009-1053

HistoryMar 24, 2009 - 2:30 p.m.

CVE-2009-1053

2009-03-2414:30:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2009-1053

chaozzdb

information security

access control

remote attackers

user credentials

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.6 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

54.1%

JSON

chaozzDB 1.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for user.tsv.

Affected configurations

NVD

Node

chaozzchaozzdbRange≤1.2

chaozzchaozzdbMatch1.0

chaozzchaozzdbMatch1.1

CPENameOperatorVersion
chaozz:chaozzdbchaozz chaozzdble1.2
chaozz:chaozzdbchaozz chaozzdbeq1.0
chaozz:chaozzdbchaozz chaozzdbeq1.1

CPE	Name	Operator	Version
chaozz:chaozzdb	chaozz chaozzdb	le	1.2
chaozz:chaozzdb	chaozz chaozzdb	eq	1.0
chaozz:chaozzdb	chaozz chaozzdb	eq	1.1

References

e-rdc.org/v1/news.php?readmore=129

www.securityfocus.com/archive/1/501901/100/0/threaded

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.6 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

54.1%

JSON

Related for CVE-2009-1053

cvelist1 nvd1 prion1