Vulnerability Name:

CVE-2003-0536 (CCN-11927)

Assigned: 2003-01-18
Published: 2003-01-18
Updated: 2016-10-18
Summary: Directory traversal vulnerability in phpSysInfo 2.1 and earlier allows attackers with write access to a local directory to read arbitrary files as the PHP user or cause a denial of service via .. (dot dot) sequences in the (1) template or (2) lng parameters.
CVSS v3 Severity: 5.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): None
Availability (A): Low
CVSS v2 Severity: 3.6 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:P)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): Partial
3.6 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:P)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): Partial
Vulnerability Type: CWE-Other
Vulnerability Consequences: Denial of Service
References:
Source: CCN
Type: BugTraq Mailing List, Fri Apr 25 2003 - 13:31:43 CDT
Re: Unauthorized reading files on phpSysInfo

Source: MITRE
Type: CNA
CVE-2003-0536

Source: BUGTRAQ
Type: UNKNOWN
20030425 Unauthorized reading files on phpSysInfo

Source: CCN
Type: phpSysInfo Web site
phpSysInfo

Source: CCN
Type: SECTRACK ID: 1007140
phpSysInfo May Disclose Files on the System to Remote Users

Source: CCN
Type: SourceForge.net: Detail:670222
DOS: phpsysinfo recursive loop

Source: MISC
Type: UNKNOWN
http://sourceforge.net/tracker/index.php?func=detail&aid=670222&group_id=15&atid=100015

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-346

Source: DEBIAN
Type: DSA 346-1
phpsysinfo - directory traversal

Source: DEBIAN
Type: DSA-346
phpsysinfo -- directory traversal

Source: CCN
Type: GLSA-200311-07
phpSysInfo: arbitrary code execution and directory traversal

Source: XF
Type: UNKNOWN
phpsysinfo-dotdot-dos(11927)

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:phpsysinfo:phpsysinfo:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:phpsysinfo:phpsysinfo:2.1:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:phpsysinfo:phpsysinfo:2.1:*:*:*:*:*:*:*
  • AND
  • cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2003-0536 (CCN-12559)

    Assigned: 2003-01-18
    Published: 2003-01-18
    Updated: 2016-10-18
    Summary: Directory traversal vulnerability in phpSysInfo 2.1 and earlier allows attackers with write access to a local directory to read arbitrary files as the PHP user or cause a denial of service via .. (dot dot) sequences in the (1) template or (2) lng parameters.
    CVSS v3 Severity: 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
    Exploitability Metrics: Attack Vector (AV): Local
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope: Scope (S): Unchanged
    Impact Metrics: Confidentiality (C): Low
    Integrity (I): None
    Availability (A): None
    CVSS v2 Severity: 3.6 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:P)
    Exploitability Metrics: Access Vector (AV): Local
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics: Confidentiality (C): Partial
    Integrity (I): None
    Availability (A): Partial
    2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
    Exploitability Metrics: Access Vector (AV): Local
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics: Confidentiality (C): Partial
    Integrity (I): None
    Availability (A): None
    Vulnerability Type: CWE-Other
    Vulnerability Consequences: Obtain Information
    References:
    Source: CCN
    Type: BugTraq Mailing List, Fri Apr 25 2003 - 13:31:43 CDT
    Re: Unauthorized reading files on phpSysInfo

    Source: MITRE
    Type: CNA
    CVE-2003-0536

    Source: DEBIAN
    Type: DSA 346-1
    phpsysinfo - directory traversal

    Source: DEBIAN
    Type: DSA-346
    phpsysinfo -- directory traversal

    Source: CCN
    Type: GLSA-200311-07
    phpSysInfo: arbitrary code execution and directory traversal

    Source: CCN
    Type: Gentoo Linux Security Announcement 200311-06
    dev-php/phpsysinfo

    Source: CCN
    Type: BID-7275
    PHPSysInfo Index.PHP File Disclosure Vulnerability

    Source: CCN
    Type: BID-7286
    PHPSysInfo Index.PHP LNG File Disclosure Vulnerability

    Source: XF
    Type: UNKNOWN
    phpsysinfo-dotdot-directory-traversal(12559)

    Oval Definitions
    Definition ID: oval:org.debian:def:346
    Class: V
    Title: directory traversal
    Last Modified: 2003-07-08
    phpsysinfo phpsysinfo 2.0
    phpsysinfo phpsysinfo 2.1
    phpsysinfo phpsysinfo 2.1
    debian debian linux 3.0
    gentoo linux *