CVE-2010-2271

{"id": "CVE-2010-2271", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-06-15T14:30:01.377", "references": [{"url": "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.kb.cert.org/vuls/id/245081", "tags": ["US Government Resource"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-134"}]}], "descriptions": [{"lang": "en", "value": "Format string vulnerability in authcfg.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to have an unspecified impact via format string specifiers in the path (aka Password File) parameter."}, {"lang": "es", "value": "Vulnerabilidad de formato de cadena en authcfg.cgi en Accoria Web Server (tambi\u00e9n conocido como Rock Web Server) v1.4.7 permite a atacantes remotos tener un impacto no especificado a trav\u00e9s de especificadores de formato de cadena en el par\u00e1metro path (del archivo de contrase\u00f1as)."}], "lastModified": "2010-06-16T04:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:accoria:rock_web_server:1.4.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D07F604B-CCDD-4F78-93FA-C63273EAD480"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}