Lucene search

[email protected]CVE-2009-4096

HistoryNov 29, 2009 - 1:08 p.m.

CVE-2009-4096

2009-11-2913:08:29

CWE-255

[email protected]

web.nvd.nist.gov

cve-2009-4096

radio istek scripti 2.5

vulnerability

remote attackers

sensitive information

access control

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.3 Medium

AI Score

Confidence

Low

0.013 Low

EPSS

Percentile

85.9%

JSON

RADIO istek scripti 2.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain user credentials via a direct request for estafresgaftesantusyan.inc.

Affected configurations

NVD

Node

scriptlerimradio_isetek_scriptiMatch2.5

CPENameOperatorVersion
scriptlerim:radio_isetek_scriptiscriptlerim radio isetek scriptieq2.5

CPE	Name	Operator	Version
scriptlerim:radio_isetek_scripti	scriptlerim radio isetek scripti	eq	2.5

References

osvdb.org/60516

packetstormsecurity.org/0911-exploits/istek-disclose.txt

secunia.com/advisories/37478

www.exploit-db.com/exploits/10231

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.3 Medium

AI Score

Confidence

Low

0.013 Low

EPSS

Percentile

85.9%

JSON

Related for CVE-2009-4096

prion1 cvelist1 nvd1