Lucene search

[email protected]CVE-2013-5994

HistoryNov 21, 2013 - 4:40 a.m.

CVE-2013-5994

2013-11-2104:40:59

CWE-200

[email protected]

web.nvd.nist.gov

cve-2013-5994

information security

lockon ec-cube

remote attackers

sensitive information

direct request

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.1%

JSON

data/class/pages/mypage/LC_Page_Mypage_DeliveryAddr.php in LOCKON EC-CUBE 2.11.2 through 2.13.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message.

Affected configurations

NVD

Node

lockonec-cubeMatch2.11.2

lockonec-cubeMatch2.11.3

lockonec-cubeMatch2.11.4

lockonec-cubeMatch2.11.5

lockonec-cubeMatch2.12.0

lockonec-cubeMatch2.12.1

lockonec-cubeMatch2.12.2

lockonec-cubeMatch2.12.3

lockonec-cubeMatch2.12.3en

lockonec-cubeMatch2.12.3enp1

lockonec-cubeMatch2.12.3enp2

lockonec-cubeMatch2.12.4en

lockonec-cubeMatch2.12.5

lockonec-cubeMatch2.12.5en

lockonec-cubeMatch2.12.6

lockonec-cubeMatch2.12.6en

lockonec-cubeMatch2.13.0

CPENameOperatorVersion
lockon:ec-cubelockon ec-cubeeq2.11.2
lockon:ec-cubelockon ec-cubeeq2.11.3
lockon:ec-cubelockon ec-cubeeq2.11.4
lockon:ec-cubelockon ec-cubeeq2.11.5
lockon:ec-cubelockon ec-cubeeq2.12.0
lockon:ec-cubelockon ec-cubeeq2.12.1
lockon:ec-cubelockon ec-cubeeq2.12.2
lockon:ec-cubelockon ec-cubeeq2.12.3
lockon:ec-cubelockon ec-cubeeq2.12.3en
lockon:ec-cubelockon ec-cubeeq2.12.3enp1

CPE	Name	Operator	Version
lockon:ec-cube	lockon ec-cube	eq	2.11.2
lockon:ec-cube	lockon ec-cube	eq	2.11.3
lockon:ec-cube	lockon ec-cube	eq	2.11.4
lockon:ec-cube	lockon ec-cube	eq	2.11.5
lockon:ec-cube	lockon ec-cube	eq	2.12.0
lockon:ec-cube	lockon ec-cube	eq	2.12.1
lockon:ec-cube	lockon ec-cube	eq	2.12.2
lockon:ec-cube	lockon ec-cube	eq	2.12.3
lockon:ec-cube	lockon ec-cube	eq	2.12.3en
lockon:ec-cube	lockon ec-cube	eq	2.12.3enp1

Rows per page:

1-10 of 171

References

jvn.jp/en/jp/JVN06870202/index.html

jvndb.jvn.jp/jvndb/JVNDB-2013-000098

svn.ec-cube.net/open_trac/changeset/23278

www.ec-cube.net/info/weakness/weakness.php?id=52

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.1%

JSON

Related for CVE-2013-5994

nvd1 cvelist1 jvn1 prion1