Lucene search

[email protected]NVD:CVE-2012-0263

HistoryDec 31, 2013 - 8:55 p.m.

CVE-2012-0263

2013-12-3120:55:15

CWE-200

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

AI Score

5.8

Confidence

Low

EPSS

0.003

Percentile

68.1%

JSON

monitor/index.php in op5 Monitor and op5 Appliance before 5.5.1 allows remote authenticated users to obtain sensitive information such as database and user credentials via error messages that are triggered by (1) a malformed hoststatustypes parameter to status/service/all or (2) a crafted request to config.

Affected configurations

Nvd

Node

op5monitorRange≤5.5.0

op5monitorMatch5.3.5

op5monitorMatch5.4.0

op5monitorMatch5.4.2

VendorProductVersionCPE
op5monitor*cpe:2.3:a:op5:monitor:*:*:*:*:*:*:*:*
op5monitor5.3.5cpe:2.3:a:op5:monitor:5.3.5:*:*:*:*:*:*:*
op5monitor5.4.0cpe:2.3:a:op5:monitor:5.4.0:*:*:*:*:*:*:*
op5monitor5.4.2cpe:2.3:a:op5:monitor:5.4.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
op5	monitor	*	cpe:2.3:a:op5:monitor::::::::
op5	monitor	5.3.5	cpe:2.3:a:op5:monitor:5.3.5:::::::*
op5	monitor	5.4.0	cpe:2.3:a:op5:monitor:5.4.0:::::::*
op5	monitor	5.4.2	cpe:2.3:a:op5:monitor:5.4.2:::::::*

References

seclists.org/fulldisclosure/2012/Jan/62

secunia.com/advisories/47344

www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf

www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/

www.osvdb.org/78067

bugs.op5.com/view.php?id=5094

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

AI Score

5.8

Confidence

Low

EPSS

0.003

Percentile

68.1%

JSON

Related for NVD:CVE-2012-0263

cve1 cvelist1 prion1 nessus1