Lucene search

[email protected]CVE-2009-4766

HistoryApr 13, 2010 - 6:30 p.m.

CVE-2009-4766

2010-04-1318:30:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2009-4766

yp portal

ms-pro surumu

web security

access control

remote attack

7.2 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

71.2%

JSON

YP Portal MS-Pro Surumu (aka MS-Pro Portal Scripti) 1.0 and 1.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for galeri/database/db.mdb.

CPENameOperatorVersion
yasirpro:ms-pro_portal_scriptiyasirpro ms-pro portal scriptieq1.2
yasirpro:ms-pro_portal_scriptiyasirpro ms-pro portal scriptieq1.0

CPE	Name	Operator	Version
yasirpro:ms-pro_portal_scripti	yasirpro ms-pro portal scripti	eq	1.2
yasirpro:ms-pro_portal_scripti	yasirpro ms-pro portal scripti	eq	1.0

References

packetstormsecurity.org/1001-exploits/ypportal-disclose.txt

secunia.com/advisories/38119

www.osvdb.org/61467

7.2 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

71.2%

JSON

Related for CVE-2009-4766

prion1 cvelist1