Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4389

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2005-4389
Last Modified 07 Mar 2011 09:28:11
Published 19 Dec 2005 09:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-4389

Summary

search.cfm in CONTENS 3.0 and earlier allows remote attackers to obtain the full server path via invalid (1) submit.y, (2) bool, (3) itemsperpage, (4) submit, (5) submit.x, (6) criteria, (7) advanced, and (8) intern parameters.

Vulnerable Systems

Application

  • Contens 2.5

  • Contens 3.0


References

VUPEN - ADV-2005-2981

XF - contens-search-path-disclosure(23824)

OSVDB - 21825

SECUNIA - 18143

MISC - http://pridels0.blogspot.com/2005/12/contens-searchcfm-multiple-input.html


Last Updated: 27 May 2016 10:41:16