CVE-2005-3630

Sažetak

Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.

Reference

http://directory.fedora.redhat.com/wiki/FDS10Announcement
http://secunia.com/advisories/18939
http://www.securityfocus.com/bid/16729
https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=121994
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=174837

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

05-09-2008 - 20:54

Objavljeno

31-12-2005 - 05:00