Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4384

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2005-4384
Last Modified 20 Sep 2008 12:43:03
Published 19 Dec 2005 09:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-4384

Summary

CitySoft Community Enterprise 4.x allows remote attackers to obtain the full path of the server via an invalid (1) fuseaction parameter to index.cfm and (2) documentid parameter to document/docWindow.cfm.

Vulnerable Systems

Application

  • Citysoft Community Enterprise 4.x


References

XF - communityenterprise-path-disclosure(23822)

OSVDB - 21858

OSVDB - 21857

SECUNIA - 18145

MISC - http://pridels0.blogspot.com/2005/12/community-enterprise-4x-multiple-vuln.html


Last Updated: 27 May 2016 10:41:16