Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4851

Overview

Vulnerability Score 4.0 4.0
CVE Id CVE-2005-4851
Last Modified 28 Jul 2015 10:41:15
Published 31 Dec 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2005-4851

Summary

eZ publish 3.4.4 through 3.7 before 20050722 applies certain permissions on the node level, which allows remote authenticated users to bypass the original permissions on embedded objects in XML fields and read these objects.

Vulnerable Systems

Application

  • Ez Publish 3.4.4

  • Ez Publish 3.5.11

  • Ez Publish 3.6.12

  • Ez Publish 3.7.10


References

CONFIRM - http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_6_x_3_7_x_to_3_8_0

CONFIRM - http://issues.ez.no/6841


Last Updated: 27 May 2016 11:09:26