CVE-2004-1572

AJ-Fork 167 does not restrict access to directories such as (1) data, (2) inc, (3) plugins, (4) skins, or (5) tools, which allows remote attackers to list files in those directories via a direct HTTP request.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://echo.or.id/adv/adv07-y3dips-2004.txt
http://marc.info/?l=bugtraq&m=109664986210763&w=2
http://securitytracker.com/id?1011484
http://www.securityfocus.com/bid/11301
https://exchange.xforce.ibmcloud.com/vulnerabilities/17569
http://echo.or.id/adv/adv07-y3dips-2004.txt
http://marc.info/?l=bugtraq&m=109664986210763&w=2
http://securitytracker.com/id?1011484
http://www.securityfocus.com/bid/11301
https://exchange.xforce.ibmcloud.com/vulnerabilities/17569

Configurations

Configuration 1 (hide)

cpe:2.3:a:aj-fork:aj-fork:167:*:*:*:*:*:*:*

History

20 Nov 2024, 23:51

Type	Values Removed	Values Added
References	~~() http://echo.or.id/adv/adv07-y3dips-2004.txt -~~	() http://echo.or.id/adv/adv07-y3dips-2004.txt -
References	~~() http://marc.info/?l=bugtraq&m=109664986210763&w=2 -~~	() http://marc.info/?l=bugtraq&m=109664986210763&w=2 -
References	~~() http://securitytracker.com/id?1011484 -~~	() http://securitytracker.com/id?1011484 -
References	~~() http://www.securityfocus.com/bid/11301 -~~	() http://www.securityfocus.com/bid/11301 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/17569 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/17569 -

Information

Published : 2004-12-31 05:00

Updated : 2024-11-20 23:51

NVD link : CVE-2004-1572

Mitre link : CVE-2004-1572

CVE.ORG link : CVE-2004-1572

JSON object : View

Products Affected

aj-fork

aj-fork

CWE

NVD-CWE-Other

{"id": "CVE-2004-1572", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2004-12-31T05:00:00.000", "references": [{"url": "http://echo.or.id/adv/adv07-y3dips-2004.txt", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=109664986210763&w=2", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1011484", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/11301", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17569", "source": "cve@mitre.org"}, {"url": "http://echo.or.id/adv/adv07-y3dips-2004.txt", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://marc.info/?l=bugtraq&m=109664986210763&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securitytracker.com/id?1011484", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/11301", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17569", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "AJ-Fork 167 does not restrict access to directories such as (1) data, (2) inc, (3) plugins, (4) skins, or (5) tools, which allows remote attackers to list files in those directories via a direct HTTP request."}], "lastModified": "2024-11-20T23:51:13.823", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:aj-fork:aj-fork:167:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FAB42474-4D4C-448B-9462-03ED772240EC"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}