Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2061

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2004-2061
Last Modified 05 Sep 2008 04:43:05
Published 27 Jul 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-2061

Summary

RiSearch 1.0.01 and RiSearch Pro 3.2.06 allows remote attackers to use the show.pl script as an open proxy, or read arbitrary local files, by setting the url parameter to a (1) http://, (2) ftp://, or (3) file:// URL.

Vulnerable Systems

Application

  • Risearch Software Risearch 0.99.1

  • Risearch Software Risearch 0.99.2

  • Risearch Software Risearch 0.99.3

  • Risearch Software Risearch 0.99.4

  • Risearch Software Risearch 0.99.5

  • Risearch Software Risearch 0.99.6

  • Risearch Software Risearch 0.99.7

  • Risearch Software Risearch 0.99.8

  • Risearch Software Risearch Pro 3.2.6


References

XF - risearch-show-open-proxy(16817)

BID - 10812

SECUNIA - 12173

BUGTRAQ - 20040727 IRM 009: RiSearch and RiSearch ProPro are vulnerable to open FTP/HTTP proxy, directory listings and file disclosure vulnerabilities

OSVDB - 8266

OSVDB - 8265

SECTRACK - 1010788


Last Updated: 27 May 2016 10:39:18