Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-1995

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2005-1995
Last Modified 05 Sep 2008 04:50:36
Published 15 Jun 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-1995

Summary

Bitrix Site Manager 4.0.x allows remote attackers to obtain sensitive information via direct request to (1) subscr_form.php or (2) dbquery_error.php, which reveals the path in an error message.

Vulnerable Systems

Application

  • Bitrix Site Manager 4.0.0

  • Bitrix Site Manager 4.0.2

  • Bitrix Site Manager 4.0.3

  • Bitrix Site Manager 4.0.4

  • Bitrix Site Manager 4.0.5

  • Bitrix Site Manager 4.0.6

  • Bitrix Site Manager 4.0.7

  • Bitrix Site Manager 4.0.8


References

OSVDB - 17376

OSVDB - 17348

XF - bitrix-site-path-disclosure(21019)

BUGTRAQ - 20050615 Vulnerability: Bitrix Web Server Paths


Last Updated: 27 May 2016 10:40:22