Lucene search

[email protected]CVE-2009-4095

HistoryNov 29, 2009 - 1:07 p.m.

CVE-2009-4095

2009-11-2913:07:35

CWE-287

[email protected]

web.nvd.nist.gov

cve-2009-4095

myphile 1.2.1

authentication bypass

empty password

security vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

79.5%

JSON

myPhile 1.2.1 allows remote attackers to bypass authentication via an empty password. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

companionwaymyphileMatch1.2.1

CPENameOperatorVersion
companionway:myphilecompanionway myphileeq1.2.1

CPE	Name	Operator	Version
companionway:myphile	companionway myphile	eq	1.2.1

References

companionway.net/files/myphile/

secunia.com/advisories/37322

www.vupen.com/english/advisories/2009/3289

exchange.xforce.ibmcloud.com/vulnerabilities/54350

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

79.5%

JSON

Related for CVE-2009-4095

cvelist1 prion1 nvd1