Vulnerability Name: CVE-2005-3347 (CCN-23107)
Assigned: 2005-11-11
Published: 2005-11-11
Updated: 2017-07-11
Summary: Multiple directory traversal vulnerabilities in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egroupware before 1.0.0.009, allow remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) sensor_program parameter or the (2) _SERVER[HTTP_ACCEPT_LANGUAGE] parameter, which overwrites an internal variable, a variant of CVE-2003-0536. Note: due to a typo in an advisory, an issue in osh was inadvertently linked to this identifier; the proper identifier for the osh issue is CVE-2005-3346.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2 Severity: 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
Vulnerability Type: CWE-22
Vulnerability Consequences: Data Manipulation
References:
Source: MITRE Type: CNA CVE-2005-3347
Source: MITRE Type: CNA CVE-2005-3348
Source: CCN Type: phpSysInfo Web page phpSysInfo
Source: CCN Type: SA17441 phpSysInfo "register_globals" Emulation Layer Overwrite Vulnerability
Source: SECUNIA Type: UNKNOWN 17441
Source: CCN Type: SA17570 phpGroupWare Multiple Vulnerabilities
Source: SECUNIA Type: UNKNOWN 17570
Source: SECUNIA Type: UNKNOWN 17584
Source: SECUNIA Type: UNKNOWN 17616
Source: CCN Type: SA17620 eGroupWare Multiple Vulnerabilities
Source: SECUNIA Type: UNKNOWN 17620
Source: SECUNIA Type: UNKNOWN 17643
Source: SECUNIA Type: UNKNOWN 17698
Source: DEBIAN Type: UNKNOWN DSA-897
Source: DEBIAN Type: Patch, Vendor Advisory DSA-898
Source: DEBIAN Type: UNKNOWN DSA-899
Source: DEBIAN Type: DSA-897 phpsysinfo -- programming errors
Source: DEBIAN Type: DSA-898 phpgroupware -- programming errors
Source: DEBIAN Type: DSA-899 egroupware -- programming errors
Source: CCN Type: GLSA-200511-18 phpSysInfo: Multiple vulnerabilities
Source: GENTOO Type: UNKNOWN GLSA-200511-18
Source: MISC Type: UNKNOWN http://www.hardened-php.net/advisory_212005.81.html
Source: MANDRIVA Type: UNKNOWN MDKSA-2005:212
Source: CCN Type: OSVDB ID: 20821 phpSysInfo index.php HTTP Response Splitting
Source: BUGTRAQ Type: UNKNOWN 20051115 Advisory 22/2005: Multiple vulnerabilities in phpSysInfo
Source: BID Type: UNKNOWN 15396
Source: CCN Type: BID-15396 PHPSysInfo Multiple Input Validation Vulnerabilities
Source: BID Type: UNKNOWN 15414
Source: CCN Type: BID-15414 PHPsysInfo Multiple Input Validation Vulnerabilities
Source: XF Type: UNKNOWN phpsysinfo-registerglobal-data-manipulation(23107)
Vulnerable Configuration: Configuration 1: Denotes that component is vulnerable