Lucene search

[email protected]CVE-2009-4904

HistoryJun 25, 2010 - 7:30 p.m.

CVE-2009-4904

2010-06-2519:30:00

CWE-264

[email protected]

web.nvd.nist.gov

oblog

article.php

denial of service

cve-2009-4904

nvd

7.4 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.003 Low

EPSS

Percentile

65.3%

JSON

article.php in oBlog does not properly restrict comments, which allows remote attackers to cause a denial of service (blog spam) via a comment=new action.

CPENameOperatorVersion
dootzky:oblogdootzky oblogeq*

CPE	Name	Operator	Version
dootzky:oblog	dootzky oblog	eq	*

References

packetstormsecurity.org/0912-exploits/oblog-xssxsrf.txt

exchange.xforce.ibmcloud.com/vulnerabilities/59825

7.4 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.003 Low

EPSS

Percentile

65.3%

JSON

Related for CVE-2009-4904

cvelist1 prion1