Gossamer Threads DBMan 2.0.4 DBMan Information Leakage Vulnerability
2000-05-05T00:00:00
ID: EDB-ID:19903 | Type: exploitdb | Reporter: Black Watch Labs | Modified: 2000-05-05T00:00:00
Description
Gossamer Threads DBMan 2.0.4 DBMan Information Leakage Vulnerability. CVE-2000-0381. Remote exploit for multiple platforms.
source: http://www.securityfocus.com/bid/1178/info
Requesting an invalid database file from a web server running the Gossamer Threads DBMan scripts returns a CGI error message that discloses the server's environment variables to a remote user without any authorization. The values displayed include the local document root path, the server administrator account name, the web server software, the platform, etc.
http://target/scripts/dbman/db.cgi?db=invalid-db