Vulnerability Name:

CVE-2010-0984 (CCN-55329)

Assigned:2010-01-03
Published:2010-01-03
Updated:2017-08-17
Summary:Acidcat CMS 3.5.3 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for databases/acidcat_3.mdb.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
4.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
4.7 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-264
Vulnerability Consequences:Obtain Information
References:Source: MITRE
Type: CNA
CVE-2010-0984

Source: OSVDB
Type: UNKNOWN
61436

Source: MISC
Type: Exploit
http://packetstormsecurity.org/1001-exploits/acidcatcms-disclose.txt

Source: CCN
Type: SA38084
Acidcat CMS Information Disclosure Security Issue

Source: SECUNIA
Type: Vendor Advisory
38084

Source: CCN
Type: Acidcat CMS Web site
Acidcat ASP CMS

Source: EXPLOIT-DB
Type: Exploit
10972

Source: CCN
Type: OSVDB ID: 61436
Acidcat CMS acidcat_3.mdb Direct Request Admin Credentials Disclosure

Source: XF
Type: UNKNOWN
acidcat-acidcat3-info-disclosure(55329)

Source: XF
Type: UNKNOWN
acidcat-acidcat3-info-disclosure(55329)

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [01-03-2010]

Vulnerable Configuration:Configuration 1:
  • cpe:/a:acidcat:acidcat_cms:2.1.11:*:*:*:*:*:*:*
  • OR cpe:/a:acidcat:acidcat_cms:2.1.12:*:*:*:*:*:*:*
  • OR cpe:/a:acidcat:acidcat_cms:2.1.13:*:*:*:*:*:*:*
  • OR cpe:/a:acidcat:acidcat_cms:3.3.5:*:*:*:*:*:*:*
  • OR cpe:/a:acidcat:acidcat_cms:3.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:acidcat:acidcat_cms:3.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:acidcat:acidcat_cms:3.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:acidcat:acidcat_cms:3.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:acidcat:acidcat_cms:3.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:acidcat:acidcat_cms:3.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:acidcat:acidcat_cms:*:*:*:*:*:*:*:* (Version <= 3.5.3)

    • * Denotes that component is vulnerable
    BACK
    acidcat acidcat cms 2.1.11
    acidcat acidcat cms 2.1.12
    acidcat acidcat cms 2.1.13
    acidcat acidcat cms 3.3.5
    acidcat acidcat cms 3.4.0
    acidcat acidcat cms 3.4.1
    acidcat acidcat cms 3.4.2
    acidcat acidcat cms 3.5.0
    acidcat acidcat cms 3.5.1
    acidcat acidcat cms 3.5.2
    acidcat acidcat cms *