CVE-2012-3354

{"id": "CVE-2012-3354", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-11-20T00:55:00.917", "references": [{"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090755.html", "source": "secalert@redhat.com"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090899.html", "source": "secalert@redhat.com"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090938.html", "source": "secalert@redhat.com"}, {"url": "http://www.freelists.org/post/dokuwiki/Fwd-DokuWiki-Full-path-disclosure", "source": "secalert@redhat.com"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:073", "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2012/06/24/2", "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2012/06/25/2", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=835145", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "doku.php in DokuWiki, as used in Fedora 16, 17, and 18, when certain PHP error levels are set, allows remote attackers to obtain sensitive information via the prefix parameter, which reveals the installation path in an error message."}, {"lang": "es", "value": "doku.php en DokuWiki, utilizado en Fedora 16, 17 y 18, cuando ciertos niveles de error de PHP se establecen, permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s del par\u00e1metro prefix, lo que revela la ruta de instalaci\u00f3n en un mensaje de error."}], "lastModified": "2013-12-13T05:02:31.950", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dokuwiki:dokuwiki:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4FBAE4B4-559D-46BC-9795-5102A7AD9D6D"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "706C6399-CAD1-46E3-87A2-8DFE2CF497ED"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2DA9D861-3EAF-42F5-B0B6-A4CD7BDD6188"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E14271AE-1309-48F3-B9C6-D7DEEC488279"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}