Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1886

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2002-1886
Last Modified 05 Sep 2008 04:31:46
Published 31 Dec 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-1886

Summary

TightAuction 3.0 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain the database username and password.

Vulnerable Systems

Application

  • Tightauction 3.0


References

BID - 5850

XF - tightauction-config-information-disclosure(10310)

BUGTRAQ - 20021002 Multiple Web Security Holes


Last Updated: 27 May 2016 10:37:31