Lucene search

[email protected]CVE-2009-2233

HistoryJun 26, 2009 - 6:30 p.m.

CVE-2009-2233

2009-06-2618:30:01

CWE-287

[email protected]

web.nvd.nist.gov

cve-2009-2233

awscripts.com

gallery search engine

authentication bypass

remote attackers

administrative access

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.02 Low

EPSS

Percentile

89.0%

JSON

The admin interface in AWScripts.com Gallery Search Engine 1.5 allows remote attackers to bypass authentication and gain administrative access by setting the awse_logged cookie to 1.

Affected configurations

NVD

Node

awscriptsgallery_search_engineMatch1.5

CPENameOperatorVersion
awscripts:gallery_search_engineawscripts gallery search engineeq1.5

CPE	Name	Operator	Version
awscripts:gallery_search_engine	awscripts gallery search engine	eq	1.5

References

secunia.com/advisories/35513

www.exploit-db.com/exploits/8994

www.vupen.com/english/advisories/2009/1649

exchange.xforce.ibmcloud.com/vulnerabilities/51276

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.02 Low

EPSS

Percentile

89.0%

JSON

Related for CVE-2009-2233

prion1 cvelist1 nvd1