Lucene search

MitreCVE-2010-1736

HistoryMay 06, 2010 - 6:30 p.m.

CVE-2010-1736

2010-05-0618:30:00

CWE-264

mitre

web.nvd.nist.gov

cve-2010-1736

krm haber 1.0

sensitive information

web root

access control

remote attackers

database security

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

0.003

Percentile

70.2%

JSON

KrM Haber 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for d_atabase/Krmdb.mdb.

Affected configurations

Nvd

Node

aspindirkrm_haberMatch1.0

VendorProductVersionCPE
aspindirkrm_haber1.0cpe:2.3:a:aspindir:krm_haber:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
aspindir	krm_haber	1.0	cpe:2.3:a:aspindir:krm_haber:1.0:::::::*

References

osvdb.org/64217

packetstormsecurity.org/1004-exploits/krmhaber-disclose.txt

secunia.com/advisories/39700

exchange.xforce.ibmcloud.com/vulnerabilities/58284

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

0.003

Percentile

70.2%

JSON

Related for CVE-2010-1736