Vulnerability Name:
CVE-2011-2891 (CCN-68881)
Assigned:
2011-06-27
Published:
2011-06-27
Updated:
2017-08-29
Summary:
Joomla! 1.6.x before 1.6.2 allows remote attackers to obtain sensitive information via an empty Itemid array parameter to index.php, which reveals the installation path in an error message, a different vulnerability than
CVE-2011-2488
.
CVSS v3 Severity:
5.3 Medium
(CCN CVSS v3.1 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
)
Exploitability Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope:
Scope (S):
Unchanged
Impact Metrics:
Confidentiality (C):
Low
Integrity (I):
None
Availibility (A):
None
CVSS v2 Severity:
5.0 Medium
(CVSS v2 Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
)
3.7 Low
(Temporal CVSS v2 Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
Partial
Integrity (I):
None
Availibility (A):
None
5.0 Medium
(CCN CVSS v2 Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
)
3.7 Low
(CCN Temporal CVSS v2 Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Athentication (Au):
None
Impact Metrics:
Confidentiality (C):
Partial
Integrity (I):
None
Availibility (A):
None
Vulnerability Type:
CWE-200
Vulnerability Consequences:
Obtain Information
References:
Source: MISC
Type: Exploit
http://bl0g.yehg.net/2011/04/joomla-161-and-lower-information.html
Source: MITRE
Type: CNA
CVE-2011-2891
Source: CONFIRM
Type: UNKNOWN
http://developer.joomla.org/security/news/341-20110402-core-information-disclosure.html
Source: CCN
Type: Joomla! Web Site
Joomla
Source: CCN
Type: oss-security Mailing List, Mon, 27 Jun 2011 15:53:27 +0800
CVE request: Joomla unspecified information disclosure vulnerability
Source: MLIST
Type: Exploit
[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability
Source: MLIST
Type: Exploit
[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability
Source: XF
Type: UNKNOWN
joomla-itemid-path-disclosure(68881)
Source: XF
Type: UNKNOWN
joomla-itemid-path-disclosure(68881)
Vulnerable Configuration:
Configuration 1
:
cpe:/a:joomla:joomla!:1.6:alpha:*:*:*:*:*:*
OR
cpe:/a:joomla:joomla!:1.6:alpha2:*:*:*:*:*:*
OR
cpe:/a:joomla:joomla!:1.6:beta1:*:*:*:*:*:*
OR
cpe:/a:joomla:joomla!:1.6:beta10:*:*:*:*:*:*
OR
cpe:/a:joomla:joomla!:1.6:beta11:*:*:*:*:*:*
OR
cpe:/a:joomla:joomla!:1.6:beta12:*:*:*:*:*:*
OR
cpe:/a:joomla:joomla!:1.6:beta13:*:*:*:*:*:*
OR
cpe:/a:joomla:joomla!:1.6:beta14:*:*:*:*:*:*
OR
cpe:/a:joomla:joomla!:1.6:beta15:*:*:*:*:*:*
OR
cpe:/a:joomla:joomla!:1.6:beta2:*:*:*:*:*:*
OR
cpe:/a:joomla:joomla!:1.6:beta3:*:*:*:*:*:*
OR
cpe:/a:joomla:joomla!:1.6:beta4:*:*:*:*:*:*
OR
cpe:/a:joomla:joomla!:1.6:beta5:*:*:*:*:*:*
OR
cpe:/a:joomla:joomla!:1.6:beta6:*:*:*:*:*:*
OR
cpe:/a:joomla:joomla!:1.6:beta7:*:*:*:*:*:*
OR
cpe:/a:joomla:joomla!:1.6:beta8:*:*:*:*:*:*
OR
cpe:/a:joomla:joomla!:1.6:beta9:*:*:*:*:*:*
OR
cpe:/a:joomla:joomla!:1.6:rc1:*:*:*:*:*:*
OR
cpe:/a:joomla:joomla!:1.6.0:*:*:*:*:*:*:*
OR
cpe:/a:joomla:joomla!:1.6.1:*:*:*:*:*:*:*
Denotes that component is vulnerable
BACK
joomla
joomla! 1.6 alpha
joomla
joomla! 1.6 alpha2
joomla
joomla! 1.6 beta1
joomla
joomla! 1.6 beta10
joomla
joomla! 1.6 beta11
joomla
joomla! 1.6 beta12
joomla
joomla! 1.6 beta13
joomla
joomla! 1.6 beta14
joomla
joomla! 1.6 beta15
joomla
joomla! 1.6 beta2
joomla
joomla! 1.6 beta3
joomla
joomla! 1.6 beta4
joomla
joomla! 1.6 beta5
joomla
joomla! 1.6 beta6
joomla
joomla! 1.6 beta7
joomla
joomla! 1.6 beta8
joomla
joomla! 1.6 beta9
joomla
joomla! 1.6 rc1
joomla
joomla! 1.6.0
joomla
joomla! 1.6.1
Denotes that component is vulnerable