Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4853

Overview

Vulnerability Score 9.4 9.4
CVE Id CVE-2005-4853
Last Modified 28 Jul 2015 10:41:55
Published 31 Dec 2005 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-4853

Summary

The default configuration of the forum package in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050818 does not restrict edit permissions to a posting's owner, which allows remote authenticated users to edit arbitrary postings.

Vulnerable Systems

Application

  • Ez Publish 3.5.0

  • Ez Publish 3.5.1

  • Ez Publish 3.5.2

  • Ez Publish 3.5.3

  • Ez Publish 3.5.4


References

CONFIRM - http://issues.ez.no/7052

CONFIRM - http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_6_x_3_7_x_to_3_8_0


Last Updated: 27 May 2016 11:09:26