Vulnerability Name:

CVE-2004-1385 (CCN-18497)

Assigned:2004-12-15
Published:2004-12-15
Updated:2017-07-11
Summary:phpGroupWare 0.9.16.003 and earlier allows remote attackers to gain sensitive information via (1) unexpected characters in the session ID such as shell metacharacters, (2) an invalid appname parameter to preferences.php or (3) an invalid menuaction parameter to index.php, which reveals the web server path in an error message.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Obtain Information
References:Source: CCN
Type: BugTraq Mailing List, Tue Dec 14 2004 - 21:15:17 CST
Multiple phpGroupWare Vulnerabilities [ phpGroupWare 0.9.16.003 && Earlier ]

Source: MITRE
Type: CNA
CVE-2004-1385

Source: MITRE
Type: CNA
CVE-2004-2574

Source: MITRE
Type: CNA
CVE-2004-2575

Source: BUGTRAQ
Type: UNKNOWN
20041215 Multiple phpGroupWare Vulnerabilities [ phpGroupWare 0.9.16.003 && Earlier ]

Source: CCN
Type: GLSA-200501-08
phpGroupWare: Various vulnerabilities

Source: GENTOO
Type: Patch
GLSA-200501-08

Source: MISC
Type: Exploit
http://www.gulftech.org/?node=research&article_id=00054-12142004

Source: CCN
Type: OSVDB ID: 12390
phpGroupWare preferences.php Path Disclosure

Source: CCN
Type: OSVDB ID: 12391
phpGroupWare index.php Path Disclosure

Source: CCN
Type: OSVDB ID: 12392
phpGroupWare wiki/index.php kp3 Parameter XSS

Source: CCN
Type: OSVDB ID: 12396
phpGroupWare index.php Multiple Parameter SQL Injection

Source: CCN
Type: OSVDB ID: 7600
phpGroupWare index.php Calendar Date Parameter XSS

Source: CCN
Type: OSVDB ID: 7601
phpGroupWare setup.inc.php.sample Path Disclosure

Source: CCN
Type: OSVDB ID: 7602
phpGroupWare class.holidaycalc.inc.php Path Disclosure

Source: CCN
Type: OSVDB ID: 7603
phpGroupWare hook_home.inc.php Path Disclosure

Source: CCN
Type: OSVDB ID: 7604
phpGroupWare hook_admin.inc.php Path Disclosure

Source: CCN
Type: BID-12082
PHPGroupWare Index.PHP HTML Injection Vulnerability

Source: XF
Type: UNKNOWN
phpgroupware-path-disclosure(18497)

Source: XF
Type: UNKNOWN
phpgroupware-path-disclosure(18497)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:phpgroupware:phpgroupware:0.9.12:*:*:*:*:*:*:*
  • OR cpe:/a:phpgroupware:phpgroupware:0.9.13:*:*:*:*:*:*:*
  • OR cpe:/a:phpgroupware:phpgroupware:0.9.14:*:*:*:*:*:*:*
  • OR cpe:/a:phpgroupware:phpgroupware:0.9.14.003:*:*:*:*:*:*:*
  • OR cpe:/a:phpgroupware:phpgroupware:0.9.14.005:*:*:*:*:*:*:*
  • OR cpe:/a:phpgroupware:phpgroupware:0.9.14.006:*:*:*:*:*:*:*
  • OR cpe:/a:phpgroupware:phpgroupware:0.9.14.007:*:*:*:*:*:*:*
  • OR cpe:/a:phpgroupware:phpgroupware:0.9.16.000:*:*:*:*:*:*:*
  • OR cpe:/a:phpgroupware:phpgroupware:0.9.16.002:*:*:*:*:*:*:*
  • OR cpe:/a:phpgroupware:phpgroupware:0.9.16.003:*:*:*:*:*:*:*
  • OR cpe:/a:phpgroupware:phpgroupware:0.9.16_rc1:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    phpgroupware phpgroupware 0.9.12
    phpgroupware phpgroupware 0.9.13
    phpgroupware phpgroupware 0.9.14
    phpgroupware phpgroupware 0.9.14.003
    phpgroupware phpgroupware 0.9.14.005
    phpgroupware phpgroupware 0.9.14.006
    phpgroupware phpgroupware 0.9.14.007
    phpgroupware phpgroupware 0.9.16.000
    phpgroupware phpgroupware 0.9.16.002
    phpgroupware phpgroupware 0.9.16.003
    phpgroupware phpgroupware 0.9.16_rc1