Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2007-4861
Last Modified: 15 Nov 2008 01:58:49
Published: 30 Oct 2007 05:46:00
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2007-4861

Summary

SAXON 5.4, with display_errors enabled, allows remote attackers to obtain sensitive information via (1) a direct request for news.php, (2) an invalid use of a newsid array parameter to admin/edit-item.php, and possibly unspecified vectors related to additional scripts in (3) admin/, (4) rss/, and (5) the root directory of the installation, which reveal the path in various error messages.

Vulnerable Systems

Application

  • Quirm Saxon 5.4


References

BUGTRAQ - 20071029 SAXON version 5.4 Multiple Path Disclosure Vulnerabilities

CONFIRM - http://www.quirm.net/punbb/viewtopic.php?id=129

MISC - http://www.netvigilance.com/advisory0053

OSVDB - 45334

OSVDB - 45333

OSVDB - 45332

OSVDB - 45331

OSVDB - 45330

XF - saxon-news-edititem-path-disclosure(38138)

SREASON - 3311


Last Updated: 27 May 2016 10:45:58