CVE-2002-0483

index.php for PHP-Nuke 5.4 and earlier allows remote attackers to determine the physical pathname of the web server when the file parameter is set to index.php, which triggers an error message that leaks the pathname.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://online.securityfocus.com/archive/1/263337	Vendor Advisory
http://www.iss.net/security_center/static/8618.php	Vendor Advisory
http://www.securityfocus.com/bid/4333	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:francisco_burzi:php-nuke:5.0:::::::*
	cpe:2.3:a:francisco_burzi:php-nuke:5.0.1:::::::*
	cpe:2.3:a:francisco_burzi:php-nuke:5.1:::::::*
	cpe:2.3:a:francisco_burzi:php-nuke:5.2:::::::*
	cpe:2.3:a:francisco_burzi:php-nuke:5.2a:::::::*
	cpe:2.3:a:francisco_burzi:php-nuke:5.3.1:::::::*
	cpe:2.3:a:francisco_burzi:php-nuke:5.4:::::::*

History

No history.

Information

Published : 2002-08-12 04:00

Updated : 2008-09-05 20:28

NVD link : CVE-2002-0483

Mitre link : CVE-2002-0483

CVE.ORG link : CVE-2002-0483

JSON object : View

Products Affected

francisco_burzi

php-nuke

CWE

NVD-CWE-Other

{"id": "CVE-2002-0483", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2002-08-12T04:00:00.000", "references": [{"url": "http://online.securityfocus.com/archive/1/263337", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.iss.net/security_center/static/8618.php", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/4333", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "index.php for PHP-Nuke 5.4 and earlier allows remote attackers to determine the physical pathname of the web server when the file parameter is set to index.php, which triggers an error message that leaks the pathname."}], "lastModified": "2008-09-05T20:28:08.650", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:francisco_burzi:php-nuke:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93B755A9-694E-49FA-9068-353203AF9965"}, {"criteria": "cpe:2.3:a:francisco_burzi:php-nuke:5.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA0B88AD-CACF-4E48-A4B1-313FFE32D058"}, {"criteria": "cpe:2.3:a:francisco_burzi:php-nuke:5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF4C3F85-A23C-40B9-9B0F-564E7C254AA5"}, {"criteria": "cpe:2.3:a:francisco_burzi:php-nuke:5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4EAF55C4-F0A7-4A36-B203-83670D58483F"}, {"criteria": "cpe:2.3:a:francisco_burzi:php-nuke:5.2a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3ED3BFC-C8CF-4537-832C-0D00400AC064"}, {"criteria": "cpe:2.3:a:francisco_burzi:php-nuke:5.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C94B62CA-8D34-4B37-8748-1FE64F0299DF"}, {"criteria": "cpe:2.3:a:francisco_burzi:php-nuke:5.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8720AE61-41C7-4EA8-8C01-81AC0BFACBCC"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}