Lucene search

PRIOn knowledge basePRION:CVE-2007-0543

HistoryJan 29, 2007 - 5:28 p.m.

Improper access control

2007-01-2917:28:00

PRIOn knowledge base

www.prio-n.com

6.6 Medium

AI Score

Confidence

Low

9.4 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:C/A:N

0.006 Low

EPSS

Percentile

78.0%

JSON

ZixForum 1.14 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for Zixforum.mdb. NOTE: a followup post suggests that this issue only occurs if the administrator does not properly follow installation directions.

CPENameOperatorVersion
zixforumle1.14

CPE	Name	Operator	Version
	zixforum	le	1.14

References

securityreason.com/securityalert/2189

www.securityfocus.com/archive/1/457950/100/0/threaded

www.securityfocus.com/archive/1/458135/100/100/threaded

6.6 Medium

AI Score

Confidence

Low

9.4 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:C/A:N

0.006 Low

EPSS

Percentile

78.0%

JSON

Related for PRION:CVE-2007-0543