Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2005-4856
Last Modified 28 Jul 2015 11:03:15
Published 31 Dec 2005 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-4856

Summary

The admin interface in eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051110 does not properly handle authorization errors, which allows remote attackers to obtain sensitive information and see the admin pagelayout and associated templates via a request with (1) "anything after the url" or (2) a "wrong url".

Vulnerable Systems

Application

  • Ez Publish 3.5.0

  • Ez Publish 3.5.1

  • Ez Publish 3.5.2

  • Ez Publish 3.5.3

  • Ez Publish 3.5.4

  • Ez Publish 3.5.5

  • Ez Publish 3.5.6

  • Ez Publish 3.6.0

  • Ez Publish 3.6.1

  • Ez Publish 3.6.2

  • Ez Publish 3.6.3

  • Ez Publish 3.6.4

  • Ez Publish 3.7.0

  • Ez Publish 3.7.1

  • Ez Publish 3.7.2

  • Ez Publish 3.8.0


References

CONFIRM - http://issues.ez.no/6703

CONFIRM - http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_6_x_3_7_x_to_3_8_0


Last Updated: 27 May 2016 11:09:26