CVE-2011-3761

2011-09-24T00:00:00

Description

NuSOAP 0.9.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by nuSOAP/classes/class.wsdl.php and certain other files.

Affected Package

OS	OS Version	Package Name	Package Version
ubuntu	18.04	nusoap	any
ubuntu	20.04	nusoap	any
ubuntu	22.04	nusoap	any
ubuntu	upstream	nusoap	any
ubuntu	12.04	nusoap	any
ubuntu	14.04	nusoap	any
ubuntu	upstream	nusoap	any
ubuntu	16.04	nusoap	any

{"id": "UB:CVE-2011-3761", "vendorId": null, "type": "ubuntucve", "bulletinFamily": "info", "title": "CVE-2011-3761", "description": "NuSOAP 0.9.5 allows remote attackers to obtain sensitive information via a\ndirect request to a .php file, which reveals the installation path in an\nerror message, as demonstrated by nuSOAP/classes/class.wsdl.php and certain\nother files.", "published": "2011-09-24T00:00:00", "modified": "2011-09-24T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0}, "severity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {}, "href": "https://ubuntu.com/security/CVE-2011-3761", "reporter": "ubuntu.com", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3761", "https://nvd.nist.gov/vuln/detail/CVE-2011-3761", "https://launchpad.net/bugs/cve/CVE-2011-3761", "https://security-tracker.debian.org/tracker/CVE-2011-3761"], "cvelist": ["CVE-2011-3761"], "immutableFields": [], "lastseen": "2023-01-27T15:27:46", "viewCount": 6, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2011-3761"]}], "rev": 4}, "score": {"value": 5.0, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2011-3761"]}]}, "exploitation": null, "vulnersScore": 5.0}, "_state": {"dependencies": 1674833363, "score": 1674833389}, "_internal": {"score_hash": "2e651453ce11b3b41de52911ab91db61"}, "affectedPackage": [{"OS": "ubuntu", "OSVersion": "18.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needed", "packageName": "nusoap"}, {"OS": "ubuntu", "OSVersion": "20.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needed", "packageName": "nusoap"}, {"OS": "ubuntu", "OSVersion": "22.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needed", "packageName": "nusoap"}, {"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needed", "packageName": "nusoap"}, {"OS": "ubuntu", "OSVersion": "12.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "does not exist", "packageName": "nusoap"}, {"OS": "ubuntu", "OSVersion": "14.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "does not exist", "packageName": "nusoap"}, {"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needed", "packageName": "nusoap"}, {"OS": "ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needed", "packageName": "nusoap"}], "bugs": []}

{"cve": [{"lastseen": "2022-03-23T12:32:24", "description": "NuSOAP 0.9.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by nuSOAP/classes/class.wsdl.php and certain other files.", "cvss3": {}, "published": "2011-09-24T00:55:00", "type": "cve", "title": "CVE-2011-3761", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3761"], "modified": "2017-08-29T01:30:00", "cpe": ["cpe:/a:dietrich_ayala:nusoap:0.9.5"], "id": "CVE-2011-3761", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3761", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:dietrich_ayala:nusoap:0.9.5:*:*:*:*:*:*:*"]}]}

CVE-2011-3761

Description

Affected Package

Related