Lucene search

RedhatCVE-2010-3713

HistoryOct 28, 2010 - 12:00 a.m.

CVE-2010-3713

2010-10-2800:00:04

CWE-264

redhat

web.nvd.nist.gov

usebb

cve-2010-3713

access restrictions

forum feed

topic feed

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.7

Confidence

Low

EPSS

0.003

Percentile

65.6%

JSON

rss.php in UseBB before 1.0.11 does not properly handle forum configurations in which a user has the view permission but not the read permission, which allows remote attackers to bypass intended access restrictions by reading a forum feed in combination with a topic feed.

Affected configurations

Nvd

Node

usebbusebbRange≤1.0.10

usebbusebbMatch0.1

usebbusebbMatch0.1.1

usebbusebbMatch0.2

usebbusebbMatch0.2.1

usebbusebbMatch0.2.2

usebbusebbMatch0.2.3

usebbusebbMatch0.2.3a

usebbusebbMatch0.3

usebbusebbMatch0.3.1

usebbusebbMatch0.3.2

usebbusebbMatch0.4

usebbusebbMatch0.4.1

usebbusebbMatch0.5

usebbusebbMatch0.5.1

usebbusebbMatch0.5.1a

usebbusebbMatch0.6

usebbusebbMatch0.6a

usebbusebbMatch0.7beta1

usebbusebbMatch0.7beta2

usebbusebbMatch1.0

usebbusebbMatch1.0rc1

usebbusebbMatch1.0rc2

usebbusebbMatch1.0rc3

usebbusebbMatch1.0.1

usebbusebbMatch1.0.2

usebbusebbMatch1.0.3

usebbusebbMatch1.0.4

usebbusebbMatch1.0.5

usebbusebbMatch1.0.6

usebbusebbMatch1.0.7

usebbusebbMatch1.0.9

VendorProductVersionCPE
usebbusebb*cpe:2.3:a:usebb:usebb:*:*:*:*:*:*:*:*
usebbusebb0.1cpe:2.3:a:usebb:usebb:0.1:*:*:*:*:*:*:*
usebbusebb0.1.1cpe:2.3:a:usebb:usebb:0.1.1:*:*:*:*:*:*:*
usebbusebb0.2cpe:2.3:a:usebb:usebb:0.2:*:*:*:*:*:*:*
usebbusebb0.2.1cpe:2.3:a:usebb:usebb:0.2.1:*:*:*:*:*:*:*
usebbusebb0.2.2cpe:2.3:a:usebb:usebb:0.2.2:*:*:*:*:*:*:*
usebbusebb0.2.3cpe:2.3:a:usebb:usebb:0.2.3:*:*:*:*:*:*:*
usebbusebb0.2.3cpe:2.3:a:usebb:usebb:0.2.3:a:*:*:*:*:*:*
usebbusebb0.3cpe:2.3:a:usebb:usebb:0.3:*:*:*:*:*:*:*
usebbusebb0.3.1cpe:2.3:a:usebb:usebb:0.3.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
usebb	usebb	*	cpe:2.3:a:usebb:usebb::::::::
usebb	usebb	0.1	cpe:2.3:a:usebb:usebb:0.1:::::::*
usebb	usebb	0.1.1	cpe:2.3:a:usebb:usebb:0.1.1:::::::*
usebb	usebb	0.2	cpe:2.3:a:usebb:usebb:0.2:::::::*
usebb	usebb	0.2.1	cpe:2.3:a:usebb:usebb:0.2.1:::::::*
usebb	usebb	0.2.2	cpe:2.3:a:usebb:usebb:0.2.2:::::::*
usebb	usebb	0.2.3	cpe:2.3:a:usebb:usebb:0.2.3:::::::*
usebb	usebb	0.2.3	cpe:2.3:a:usebb:usebb:0.2.3:a::::::
usebb	usebb	0.3	cpe:2.3:a:usebb:usebb:0.3:::::::*
usebb	usebb	0.3.1	cpe:2.3:a:usebb:usebb:0.3.1:::::::*

Rows per page:

1-10 of 321

References

www.openwall.com/lists/oss-security/2010/10/08/5

www.openwall.com/lists/oss-security/2010/10/11/5

www.usebb.net/community/topic-2495.html

www.usebb.net/community/topic.php?id=2501

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.7

Confidence

Low

EPSS

0.003

Percentile

65.6%

JSON

Related for CVE-2010-3713