Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2005-0229
Last Modified: 10 Sep 2008 03:35:09
Published: 27 Apr 2005 12:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2005-0229

Summary

CitrusDB 0.3.5 and earlier stores the newfile.txt temporary data file under the web root, which allows remote attackers to steal credit card information via a direct request to newfile.txt.

Vulnerable Systems

Application

  • Citrusdb Customer Database 0.1.2

  • Citrusdb Customer Database 0.2

  • Citrusdb Customer Database 0.2.1

  • Citrusdb Customer Database 0.3

  • Citrusdb Customer Database 0.3.1

  • Citrusdb Customer Database 0.3.5


References

BID - 12402

FULLDISC - 20050212 Credit Card data disclosure in CitrusDB

XF - citrus-information-disclosure(19145)

MISC - http://www.redteam-pentesting.de/advisories/rt-sa-2005-001.txt

CONFIRM - http://www.citrusdb.org/forums/viewtopic.php?t=49

SECTRACK - 1013040


Last Updated: 27 May 2016 10:39:43