Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4880

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2005-4880
Last Modified 31 Mar 2009 12:00:00
Published 31 Mar 2009 01:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-4880

Summary

Jax Guestbook 3.1 and 3.31 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain IP addresses of users via a direct request to (1) guestbook, (2) guestbook_ips2block, (3) ips2block, and (4) formmailer/logfile.csv.

Vulnerable Systems

Application

  • Jax Scripts Jax Guestbook 3.1

  • Jax Scripts Jax Guestbook 3.3.1


References

SECUNIA - 16337

MISC - http://lostmon.blogspot.com/2005/08/jax-php-scripts-multiple.html


Last Updated: 27 May 2016 10:41:28