Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1166

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2008-1166
Last Modified 10 Feb 2011 12:00:00
Published 05 Mar 2008 06:44:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-1166

Summary

Flyspray 0.9.9.4 generates different error messages depending on whether the username is valid or invalid, which allows remote attackers to enumerate usernames.

Vulnerable Systems

Application

  • Flyspray 0.9.9

  • Flyspray 0.9.9.1

  • Flyspray 0.9.9.2

  • Flyspray 0.9.9.3

  • Flyspray 0.9.9.4


References

XF - flyspray-username-information-disclosure(40964)

BUGTRAQ - 20080303 [DSECRG-08-017] Flyspray 0.9.9.4 Multiple Security Vulnerabilities

SECUNIA - 29215


Last Updated: 27 May 2016 10:47:02