Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0696

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2004-0696
Last Modified 10 Sep 2008 03:27:25
Published 27 Jul 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0696

Summary

The ShellExample.cgi script in 4D WebSTAR 5.3.2 and earlier allows remote attackers to list arbitrary directories via a URL with the desired path and a "*" (asterisk) character.

Vulnerable Systems

Application

  • 4d Webstar 4.0

  • 4d Webstar 5.2

  • 4d Webstar 5.2.1

  • 4d Webstar 5.2.2

  • 4d Webstar 5.2.3

  • 4d Webstar 5.2.4

  • 4d Webstar 5.3

  • 4d Webstar 5.3.1

  • 4d Webstar 5.3.2


References

XF - 4dwebstar-view-directory-listing(16687)

ATSTAKE - A071304-1

MISC - ftp://ftp.4d.com/ACI_PRODUCT_REFERENCE_LIBRARY/4D_PRODUCT_DOCUMENTATION/PDF_Docs_by_4D_Product_A-Z/4D_WebSTAR/Software_Change_History.txt

BID - 10721


Last Updated: 27 May 2016 10:38:43