CVE-2001-0995

PHProjekt before 2.4a allows remote attackers to perform actions as other PHProjekt users by modifying the ID number in an HTTP request to PHProjekt CGI programs.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.phprojekt.com/ChangeLog	Vendor Advisory
http://www.securityfocus.com/archive/1/210349	Patch Vendor Advisory
http://www.securityfocus.com/bid/3239	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/7035

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:phpprojekt:phpprojekt::::::::
	cpe:2.3:a:phpprojekt:phpprojekt:2.0:::::::*
	cpe:2.3:a:phpprojekt:phpprojekt:2.0.1:::::::*
	cpe:2.3:a:phpprojekt:phpprojekt:2.1:::::::*
	cpe:2.3:a:phpprojekt:phpprojekt:2.1a:::::::*
	cpe:2.3:a:phpprojekt:phpprojekt:2.2:::::::*
	cpe:2.3:a:phpprojekt:phpprojekt:2.3:::::::*

History

No history.

Information

Published : 2001-08-31 04:00

Updated : 2017-10-10 01:29

NVD link : CVE-2001-0995

Mitre link : CVE-2001-0995

CVE.ORG link : CVE-2001-0995

JSON object : View

Products Affected

phpprojekt

phpprojekt

CWE

NVD-CWE-Other

{"id": "CVE-2001-0995", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2001-08-31T04:00:00.000", "references": [{"url": "http://www.phprojekt.com/ChangeLog", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/210349", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/3239", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7035", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "PHProjekt before 2.4a allows remote attackers to perform actions as other PHProjekt users by modifying the ID number in an HTTP request to PHProjekt CGI programs."}], "lastModified": "2017-10-10T01:29:57.767", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:phpprojekt:phpprojekt:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C2ADF50B-C9E2-4A8D-BEC3-79610F3077D7", "versionEndIncluding": "2.4a"}, {"criteria": "cpe:2.3:a:phpprojekt:phpprojekt:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB00BE86-A254-46CE-80C8-D76871B6D233"}, {"criteria": "cpe:2.3:a:phpprojekt:phpprojekt:2.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC7E15FE-5163-4D9A-91BF-FEC1D51ADAAC"}, {"criteria": "cpe:2.3:a:phpprojekt:phpprojekt:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BE20254C-8118-4013-B85D-091C5C78D96F"}, {"criteria": "cpe:2.3:a:phpprojekt:phpprojekt:2.1a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC288426-7FFD-4103-B460-A78722DC9032"}, {"criteria": "cpe:2.3:a:phpprojekt:phpprojekt:2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3EAC5D3-5BD2-48B5-866D-2B82F550E7F7"}, {"criteria": "cpe:2.3:a:phpprojekt:phpprojekt:2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9918B4EA-67BC-4EEF-81AA-CC349D0AADC4"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}