Lucene search
HistoryMar 03, 2010 - 8:30 p.m.
CVE-2009-4657
xerver 4.32
remote attack
authentication bypass
vulnerability
nvd
cve-2009-4657
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.7 Medium
AI Score
Confidence
Low
0.005 Low
EPSS
Percentile
76.0%
The administrator package for Xerver 4.32 does not require authentication, which allows remote attackers to alter application settings by connecting to the application on port 32123, as demonstrated by setting the action option to wizardStep1.
Affected configurations
Node
omidrouhanixerverMatch4.32
| CPE | Name | Operator | Version |
|---|---|---|---|
| omidrouhani:xerver | omidrouhani xerver | eq | 4.32 |
Related
prion
prion
Authentication flaw
2010-03-03 20:30:00
Code injection
2010-03-03 20:30:00
cvelist
cvelist
CVE-2009-4657
2010-03-03 20:00:00
CVE-2009-4658
2010-03-03 20:00:00
nvd
nvd
CVE-2009-4657
2010-03-03 20:30:00
CVE-2009-4658
2010-03-03 20:30:00
cve
cve
CVE-2009-4658
2010-03-03 20:30:00
openvas
openvas
Xerver HTTP Server Web Administration Denial of Service Vulnerability
2010-03-10 00:00:00
Xerver HTTP Server Web Administration <= 4.32 DoS Vulnerability
2010-03-10 00:00:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.7 Medium
AI Score
Confidence
Low
0.005 Low
EPSS
Percentile
76.0%
Related for CVE-2009-4657