Vulnerability Name: | CVE-2004-1385 (CCN-18497) | ||||||||
Assigned: | 2004-12-15 | ||||||||
Published: | 2004-12-15 | ||||||||
Updated: | 2017-07-11 | ||||||||
Summary: | phpGroupWare 0.9.16.003 and earlier allows remote attackers to gain sensitive information via (1) unexpected characters in the session ID such as shell metacharacters, (2) an invalid appname parameter to preferences.php or (3) an invalid menuaction parameter to index.php, which reveals the web server path in an error message. | ||||||||
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||||
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
| ||||||||
Vulnerability Type: | CWE-Other | ||||||||
Vulnerability Consequences: | Obtain Information | ||||||||
References: | Source: CCN Type: BugTraq Mailing List, Tue Dec 14 2004 - 21:15:17 CST Multiple phpGroupWare Vulnerabilities [ phpGroupWare 0.9.16.003 && Earlier ] Source: MITRE Type: CNA CVE-2004-1385 Source: MITRE Type: CNA CVE-2004-2574 Source: MITRE Type: CNA CVE-2004-2575 Source: BUGTRAQ Type: UNKNOWN 20041215 Multiple phpGroupWare Vulnerabilities [ phpGroupWare 0.9.16.003 && Earlier ] Source: CCN Type: GLSA-200501-08 phpGroupWare: Various vulnerabilities Source: GENTOO Type: Patch GLSA-200501-08 Source: MISC Type: Exploit http://www.gulftech.org/?node=research&article_id=00054-12142004 Source: CCN Type: OSVDB ID: 12390 phpGroupWare preferences.php Path Disclosure Source: CCN Type: OSVDB ID: 12391 phpGroupWare index.php Path Disclosure Source: CCN Type: OSVDB ID: 12392 phpGroupWare wiki/index.php kp3 Parameter XSS Source: CCN Type: OSVDB ID: 12396 phpGroupWare index.php Multiple Parameter SQL Injection Source: CCN Type: OSVDB ID: 7600 phpGroupWare index.php Calendar Date Parameter XSS Source: CCN Type: OSVDB ID: 7601 phpGroupWare setup.inc.php.sample Path Disclosure Source: CCN Type: OSVDB ID: 7602 phpGroupWare class.holidaycalc.inc.php Path Disclosure Source: CCN Type: OSVDB ID: 7603 phpGroupWare hook_home.inc.php Path Disclosure Source: CCN Type: OSVDB ID: 7604 phpGroupWare hook_admin.inc.php Path Disclosure Source: CCN Type: BID-12082 PHPGroupWare Index.PHP HTML Injection Vulnerability Source: XF Type: UNKNOWN phpgroupware-path-disclosure(18497) Source: XF Type: UNKNOWN phpgroupware-path-disclosure(18497) | ||||||||
Vulnerable Configuration: | Configuration 1:![]() | ||||||||
BACK |