CVE-2005-4148
Published Dec 10, 2005
Last updated 6 years ago
Overview
- Description
- Lyris ListManager 8.5, and possibly other versions before 8.8, includes sensitive information in the env hidden variable, which allows remote attackers to obtain information such as the installation path by requesting a non-existent page and reading the env variable from the resulting error message page.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lyris_technologies_inc:listmanager:5.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EA7692A2-BC9A-4F87-B124-A2E7F3376E27"
},
{
"criteria": "cpe:2.3:a:lyris_technologies_inc:listmanager:6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AA9383A8-69A0-4398-95AB-C8E723AD857A"
},
{
"criteria": "cpe:2.3:a:lyris_technologies_inc:listmanager:7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E26CB041-073B-45DF-9E69-3835564E6006"
},
{
"criteria": "cpe:2.3:a:lyris_technologies_inc:listmanager:8.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4FE562AE-94D6-4C62-B149-AC79390D4BE1"
},
{
"criteria": "cpe:2.3:a:lyris_technologies_inc:listmanager:8.8a:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9715CA02-81AE-4F85-B0F7-CE100A74D2D2"
}
],
"operator": "OR"
}
]
}
]