Lucene search

[email protected]NVD:CVE-2011-1131

HistoryJun 21, 2011 - 2:52 a.m.

CVE-2011-1131

2011-06-2102:52:42

CWE-200

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.2 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

59.2%

JSON

The PlushSearch2 function in Search.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, uses certain cached data in a situation where a temporary table has been created, even though this cached data is intended only for situations where a temporary table has not been created, which might allow remote attackers to obtain sensitive information via a search.

Affected configurations

NVD

Node

simplemachinessmfRange≤1.1.12

simplemachinessmfMatch1.0

simplemachinessmfMatch1.0beta4

simplemachinessmfMatch1.0beta4.1

simplemachinessmfMatch1.0beta5

simplemachinessmfMatch1.0beta6

simplemachinessmfMatch1.0rc1

simplemachinessmfMatch1.0rc2

simplemachinessmfMatch1.0.1

simplemachinessmfMatch1.0.2

simplemachinessmfMatch1.0.3

simplemachinessmfMatch1.0.4

simplemachinessmfMatch1.0.5

simplemachinessmfMatch1.0.6

simplemachinessmfMatch1.0.7

simplemachinessmfMatch1.0.8

simplemachinessmfMatch1.0.9

simplemachinessmfMatch1.0.10

simplemachinessmfMatch1.0.12

simplemachinessmfMatch1.0.13

simplemachinessmfMatch1.0.14

simplemachinessmfMatch1.0.15

simplemachinessmfMatch1.0.16

simplemachinessmfMatch1.0.17

simplemachinessmfMatch1.0.18

simplemachinessmfMatch1.0.19

simplemachinessmfMatch1.0.20

simplemachinessmfMatch1.0.21

simplemachinessmfMatch1.1

simplemachinessmfMatch1.1beta1

simplemachinessmfMatch1.1beta2

simplemachinessmfMatch1.1beta3

simplemachinessmfMatch1.1beta4

simplemachinessmfMatch1.1rc1

simplemachinessmfMatch1.1rc2

simplemachinessmfMatch1.1rc3

simplemachinessmfMatch1.1.1

simplemachinessmfMatch1.1.2

simplemachinessmfMatch1.1.3

simplemachinessmfMatch1.1.4

simplemachinessmfMatch1.1.5

simplemachinessmfMatch1.1.6

simplemachinessmfMatch1.1.7

simplemachinessmfMatch1.1.8

simplemachinessmfMatch1.1.9

simplemachinessmfMatch1.1.10

simplemachinessmfMatch1.1.11

Node

simplemachinessmfMatch2.0beta1

simplemachinessmfMatch2.0beta2

simplemachinessmfMatch2.0beta2.1

simplemachinessmfMatch2.0beta3

simplemachinessmfMatch2.0beta3.1

simplemachinessmfMatch2.0beta4

simplemachinessmfMatch2.0rc1

simplemachinessmfMatch2.0rc2

simplemachinessmfMatch2.0rc3

simplemachinessmfMatch2.0rc4

References

custom.simplemachines.org/mods/downloads/smf_patch_2.0-RC4_security.zip

www.openwall.com/lists/oss-security/2011/02/22/17

www.openwall.com/lists/oss-security/2011/03/02/4

www.simplemachines.org/community/index.php?topic=421547.0

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.2 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

59.2%

JSON

Related for NVD:CVE-2011-1131

cve1 cvelist1 prion1 openvas1