CVE-2008-1717

WoltLab Community Framework (WCF) 1.0.6 in WoltLab Burning Board 3.0.5 allows remote attackers to obtain the full path via invalid (1) page and (2) form parameters, which leaks the path from an exception handler when a valid class cannot be found.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0161.html
http://lists.grok.org.uk/pipermail/full-disclosure/2008-April/061271.html
http://secunia.com/advisories/29719	Vendor Advisory
http://www.securityfocus.com/archive/1/490560/100/0/threaded
http://www.securityfocus.com/archive/1/490782/100/0/threaded
http://www.securityfocus.com/bid/28678
https://exchange.xforce.ibmcloud.com/vulnerabilities/41713

Configurations

Configuration 1 (hide)

cpe:2.3:a:woltlab:burning_board:3.0.5:*:*:*:*:*:*:*

History

No history.

Information

Published : 2008-04-09 21:05

Updated : 2024-02-04 17:33

NVD link : CVE-2008-1717

Mitre link : CVE-2008-1717

CVE.ORG link : CVE-2008-1717

JSON object : View

Products Affected

woltlab

burning_board

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2008-1717", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-04-09T21:05:00.000", "references": [{"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0161.html", "source": "cve@mitre.org"}, {"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-April/061271.html", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/29719", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/490560/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/490782/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/28678", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41713", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "WoltLab Community Framework (WCF) 1.0.6 in WoltLab Burning Board 3.0.5 allows remote attackers to obtain the full path via invalid (1) page and (2) form parameters, which leaks the path from an exception handler when a valid class cannot be found."}, {"lang": "es", "value": "WoltLab Community Framework (WCF) 1.0.6 de WoltLab Burning Board 3.0.5 permite a atacantes remotos obtener la ruta completa a trav\u00e9s de los par\u00e1metros no v\u00e1lidos (1) page y (2) form, lo cual filtra la ruta de un manejador de excepciones cuando una clase v\u00e1lida no se puede encontrar."}], "lastModified": "2018-10-11T20:36:35.227", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:woltlab:burning_board:3.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F7D2C3ED-2974-4585-8513-043327535178"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}