Lucene search
HistoryJul 27, 2009 - 2:30 p.m.
CVE-2009-2606
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.3
Confidence
Low
EPSS
0.003
Percentile
68.4%
ASP Football Pool 2.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for NFL.mdb.
Affected configurations
Node
brainjarasp_football_poolMatch2.3
| Vendor | Product | Version | CPE |
|---|---|---|---|
| brainjar | asp_football_pool | 2.3 | cpe:2.3:a:brainjar:asp_football_pool:2.3:*:*:*:*:*:*:* |
Related
prion
prion
Improper access control
2009-07-27 14:30:00
exploitdb
exploitdb
ASP Football Pool 2.3 - Remote Database Disclosure
2009-06-01 00:00:00
cve
cve
CVE-2009-2606
2009-07-27 14:30:00
cvelist
cvelist
CVE-2009-2606
2009-07-27 14:22:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.3
Confidence
Low
EPSS
0.003
Percentile
68.4%
Related for NVD:CVE-2009-2606