CVE-2005-1716

TOPo 2.2 (2.2.178) stores data files in the data directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as client IP addresses.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://lostmon.blogspot.com/2005/05/topo-22-multiple-variable-fields-xss.html	Exploit
http://secunia.com/advisories/15325
http://securitytracker.com/id?1014016	Exploit
http://www.osvdb.org/16700	Exploit
http://lostmon.blogspot.com/2005/05/topo-22-multiple-variable-fields-xss.html	Exploit
http://secunia.com/advisories/15325
http://securitytracker.com/id?1014016	Exploit
http://www.osvdb.org/16700	Exploit

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ej3:topo:2.2:::::::*
	cpe:2.3:a:ej3:topo:2.2.178:::::::*

History

20 Nov 2024, 23:57

Type	Values Removed	Values Added
References	~~() http://lostmon.blogspot.com/2005/05/topo-22-multiple-variable-fields-xss.html - Exploit~~	() http://lostmon.blogspot.com/2005/05/topo-22-multiple-variable-fields-xss.html - Exploit
References	~~() http://secunia.com/advisories/15325 -~~	() http://secunia.com/advisories/15325 -
References	~~() http://securitytracker.com/id?1014016 - Exploit~~	() http://securitytracker.com/id?1014016 - Exploit
References	~~() http://www.osvdb.org/16700 - Exploit~~	() http://www.osvdb.org/16700 - Exploit

Information

Published : 2005-05-24 04:00

Updated : 2024-11-20 23:57

NVD link : CVE-2005-1716

Mitre link : CVE-2005-1716

CVE.ORG link : CVE-2005-1716

JSON object : View

Products Affected

ej3

topo

CWE

NVD-CWE-Other

{"id": "CVE-2005-1716", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2005-05-24T04:00:00.000", "references": [{"url": "http://lostmon.blogspot.com/2005/05/topo-22-multiple-variable-fields-xss.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/15325", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1014016", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/16700", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://lostmon.blogspot.com/2005/05/topo-22-multiple-variable-fields-xss.html", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/15325", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securitytracker.com/id?1014016", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/16700", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "TOPo 2.2 (2.2.178) stores data files in the data directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as client IP addresses."}], "lastModified": "2024-11-20T23:57:58.167", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ej3:topo:2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D97DE3DF-26E0-4899-BD33-D05E91C968FD"}, {"criteria": "cpe:2.3:a:ej3:topo:2.2.178:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B4C4E28-C301-427D-9E29-69A85EEC3ED6"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}