Lucene search

Ubuntu.comUB:CVE-2005-4853

HistoryDec 31, 2005 - 12:00 a.m.

CVE-2005-4853

2005-12-3100:00:00

ubuntu.com

9.4 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:C/A:C

0.002 Low

EPSS

Percentile

61.2%

JSON

The default configuration of the forum package in eZ publish 3.5 before
3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050818 does
not restrict edit permissions to a posting’s owner, which allows remote
authenticated users to edit arbitrary postings.

References

launchpad.net/bugs/cve/CVE-2005-4853

nvd.nist.gov/vuln/detail/CVE-2005-4853

security-tracker.debian.org/tracker/CVE-2005-4853

www.cve.org/CVERecord?id=CVE-2005-4853

9.4 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:C/A:C

0.002 Low

EPSS

Percentile

61.2%

JSON

Related for UB:CVE-2005-4853