CVE-2005-4856
Published Dec 31, 2005
Last updated 9 years ago
Overview
- Description: The admin interface in eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051110 does not properly handle authorization errors, which allows remote attackers to obtain sensitive information and see the admin pagelayout and associated templates via a request with (1) "anything after the url" or (2) a "wrong url".
- Source: cve@mitre.org
- NVD status: Analyzed
Risk scores
CVSS 2.0
- Type: Primary
- Base score: 5
- Impact score: 2.9
- Exploitability score: 10
- Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov: CWE-19
Configurations