Lucene search

[email protected]CVE-2012-4235

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2012-4235

2022-10-0316:15:32

CWE-200

[email protected]

web.nvd.nist.gov

cve-2012-4235

rsgallery2

joomla

directory listing

security advisory

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.8 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.7%

JSON

The RSGallery2 (com_rsgallery2) component before 3.2.0 for Joomla! 2.5.x does not place index.html files in image directories, which allows remote attackers to list image filenames via a request for a directory URI.

Affected configurations

NVD

Node

rsgallery2com_rsgallery2Range≤3.1.0

rsgallery2com_rsgallery2Match1.9.0-4alpha

rsgallery2com_rsgallery2Match1.9.4alpha

rsgallery2com_rsgallery2Match1.9.5alpha

rsgallery2com_rsgallery2Match1.10.1alpha

rsgallery2com_rsgallery2Match1.10.2alpha

rsgallery2com_rsgallery2Match1.10.5alpha

rsgallery2com_rsgallery2Match1.10.6alpha

rsgallery2com_rsgallery2Match1.10.7alpha

rsgallery2com_rsgallery2Match1.10.8alpha

rsgallery2com_rsgallery2Match1.10.9alpha

rsgallery2com_rsgallery2Match1.10.10alpha

rsgallery2com_rsgallery2Match1.10.11alpha

rsgallery2com_rsgallery2Match1.10.13alpha

rsgallery2com_rsgallery2Match1.10.14alpha

rsgallery2com_rsgallery2Match1.11.0alpha

rsgallery2com_rsgallery2Match1.11.1alpha

rsgallery2com_rsgallery2Match1.11.2alpha

rsgallery2com_rsgallery2Match1.11.3alpha

rsgallery2com_rsgallery2Match1.11.4alpha

rsgallery2com_rsgallery2Match1.11.5alpha

rsgallery2com_rsgallery2Match1.11.6alpha

rsgallery2com_rsgallery2Match1.11.7alpha

rsgallery2com_rsgallery2Match1.11.8alpha

rsgallery2com_rsgallery2Match1.11.10alpha

rsgallery2com_rsgallery2Match1.11.11alpha

rsgallery2com_rsgallery2Match1.12.0alpha

rsgallery2com_rsgallery2Match1.12.1alpha

rsgallery2com_rsgallery2Match1.12.2alpha

rsgallery2com_rsgallery2Match1.13.0alpha

rsgallery2com_rsgallery2Match1.13.1alpha

rsgallery2com_rsgallery2Match1.14.0alpha

rsgallery2com_rsgallery2Match1.14.1alpha

rsgallery2com_rsgallery2Match2.1.0beta

rsgallery2com_rsgallery2Match2.1.1

rsgallery2com_rsgallery2Match3.0rc1

rsgallery2com_rsgallery2Match3.0.1

AND

joomlajoomla\!Match2.5.0

joomlajoomla\!Match2.5.1

joomlajoomla\!Match2.5.2

joomlajoomla\!Match2.5.3

joomlajoomla\!Match2.5.4

joomlajoomla\!Match2.5.5

joomlajoomla\!Match2.5.6

CPENameOperatorVersion
rsgallery2:com_rsgallery2rsgallery2 com rsgallery2le3.1.0
rsgallery2:com_rsgallery2rsgallery2 com rsgallery2eq1.9.0-4
rsgallery2:com_rsgallery2rsgallery2 com rsgallery2eq1.9.4
rsgallery2:com_rsgallery2rsgallery2 com rsgallery2eq1.9.5
rsgallery2:com_rsgallery2rsgallery2 com rsgallery2eq1.10.1
rsgallery2:com_rsgallery2rsgallery2 com rsgallery2eq1.10.2
rsgallery2:com_rsgallery2rsgallery2 com rsgallery2eq1.10.5
rsgallery2:com_rsgallery2rsgallery2 com rsgallery2eq1.10.6
rsgallery2:com_rsgallery2rsgallery2 com rsgallery2eq1.10.7
rsgallery2:com_rsgallery2rsgallery2 com rsgallery2eq1.10.8

CPE	Name	Operator	Version
rsgallery2:com_rsgallery2	rsgallery2 com rsgallery2	le	3.1.0
rsgallery2:com_rsgallery2	rsgallery2 com rsgallery2	eq	1.9.0-4
rsgallery2:com_rsgallery2	rsgallery2 com rsgallery2	eq	1.9.4
rsgallery2:com_rsgallery2	rsgallery2 com rsgallery2	eq	1.9.5
rsgallery2:com_rsgallery2	rsgallery2 com rsgallery2	eq	1.10.1
rsgallery2:com_rsgallery2	rsgallery2 com rsgallery2	eq	1.10.2
rsgallery2:com_rsgallery2	rsgallery2 com rsgallery2	eq	1.10.5
rsgallery2:com_rsgallery2	rsgallery2 com rsgallery2	eq	1.10.6
rsgallery2:com_rsgallery2	rsgallery2 com rsgallery2	eq	1.10.7
rsgallery2:com_rsgallery2	rsgallery2 com rsgallery2	eq	1.10.8

Rows per page:

1-10 of 371

References

extensions.joomla.org/extensions/photos-a-images/photo-gallery/142

joomlacode.org/gf/download/frsrelease/17326/75428/com_rsgallery2_3.2.0.zip

joomlacode.org/gf/project/rsgallery2/news/

www.rsgallery2.nl/announcements/rsgallery2_3.2.0_and_2.3.0_released_16845.0.html

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.8 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.7%

JSON

Related for CVE-2012-4235

prion1 cvelist1 nvd1