Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5463

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2007-5463
Last Modified 15 Nov 2008 02:01:04
Published 15 Oct 2007 06:17:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-5463

Summary

ideal_process.php in the iDEAL payment module in ViArt Shop 3.3 beta and earlier might allow remote attackers to obtain the pathname for certificate and key files via an "iDEAL transaction", possibly involving fopen error messages for nonexistent files, a different issue than CVE-2007-5364. NOTE: this can be leveraged for reading certificate or key files if an installation places these files under the web document root.

Vulnerable Systems

Application

  • Viart Shop 3.3 Beta


References

CONFIRM - http://www.viart.com/ideal_process_script_fix_for_release_32_and_33_beta.html

SECUNIA - 27199

XF - viart-idealprocess-path-disclosure(37048)

BUGTRAQ - 20071010 Regarding vulnerability in ViArt Shop

OSVDB - 40151

BID - 25998

SREASON - 3233


Last Updated: 27 May 2016 10:46:10