Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3434

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-3434
Last Modified 07 Mar 2011 09:26:31
Published 02 Nov 2005 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-3434

Summary

Archilles Newsworld before 1.5.0-rc1 stores (1) account.nwd and (2) session.nwd under the web root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames, hashed passwords, and session IDs, and gain privileges.

Vulnerable Systems

Application

  • Archilles Newsworld 1.3.1

  • Archilles Newsworld 1.3.2

  • Archilles Newsworld 1.5.0 Rc1


References

XF - newsworld-adminnews-bypass-authentication(22860)

SECUNIA - 17310

BUGTRAQ - 20051021 aRCHILLES Newsworld < 1.5.0-rc1 Multiple Vulnerabilities


Last Updated: 27 May 2016 10:40:56