Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-1486

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2003-1486
Last Modified 05 Sep 2008 04:37:03
Published 31 Dec 2003 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-1486

Summary

Phorum 3.4 through 3.4.2 allows remote attackers to obtain the full path of the web server via an incorrect HTTP request to (1) smileys.php, (2) quick_listrss.php, (3) purge.php, (4) news.php, (5) memberlist.php, (6) forum_listrss.php, (7) forum_list_rdf.php, (8) forum_list.php, or (9) move.php, which leaks the information in an error message.

Vulnerable Systems

Application

  • Phorum 3.4

  • Phorum 3.4.1

  • Phorum 3.4.2


References

BID - 7571

XF - phorum-multiple-path-disclosure(12499)

BUGTRAQ - 20030513 Phorum Vulnerabilities

SREASON - 3288


Last Updated: 27 May 2016 10:38:22