Lucene search

[email protected]CVE-2011-0774

HistoryFeb 04, 2011 - 1:00 a.m.

CVE-2011-0774

2011-02-0401:00:10

CWE-200

[email protected]

web.nvd.nist.gov

cve-2011-0774

pivotx

sensitive information disclosure

remote attack

6.3 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

72.3%

JSON

PivotX before 2.2.2 allows remote attackers to obtain sensitive information via a direct request to (1) includes/ping.php and (2) includes/spamping.php, which reveals the installation path in an error message.

Affected configurations

NVD

Node

pivotxpivotxMatch2.2.2

CPENameOperatorVersion
pivotx:pivotxpivotxeq2.2.2

CPE	Name	Operator	Version
pivotx:pivotx	pivotx	eq	2.2.2

References

blog.pivotx.net/archive/2011/01/11/pivotx-222-released

pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision&revision=3410

www.htbridge.ch/advisory/path_disclousure_in_pivotx.html

6.3 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

72.3%

JSON

Related for CVE-2011-0774

cvelist1 prion1 nvd1