CVE-2004-2061

Sažetak

RiSearch 1.0.01 and RiSearch Pro 3.2.06 allows remote attackers to use the show.pl script as an open proxy, or read arbitrary local files, by setting the url parameter to a (1) http://, (2) ftp://, or (3) file:// URL.

Reference

http://marc.info/?l=bugtraq&m=109095196526490&w=2
http://secunia.com/advisories/12173
http://securitytracker.com/id?1010788
http://www.osvdb.org/8265
http://www.osvdb.org/8266
http://www.securityfocus.com/bid/10812
https://exchange.xforce.ibmcloud.com/vulnerabilities/16817

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

08-02-2024 - 19:56

Objavljeno

27-07-2004 - 04:00