CVE-2006-0843

Leif M. Wright's Blog 3.5 stores the config file and other txt files under the web root with insufficient access control, which allows remote attackers to read the administrator's password.

Published Bycve@mitre.org

Published DateFeb 22, 2006, 02:02

Weakness Type (CWE):NVD-CWE-Other

CVSS Metrics

Base Score

Vector String

AV:N/AC:L/Au:N/C:P/I:N/A:N

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

PARTIAL

Integrity (I)

NONE

Availability (A)

NONE

References

http://secunia.com/advisories/18923
http://securityreason.com/securityalert/522
http://www.evuln.com/vulns/82/summary.html
http://www.securityfocus.com/bid/16712
https://exchange.xforce.ibmcloud.com/vulnerabilities/24752

Weakness Type (CWE):NVD-CWE-Other

CVSS Metrics

Base Score

Vector String

AV:N/AC:L/Au:N/C:P/I:N/A:N

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

PARTIAL

Integrity (I)

NONE

Availability (A)

NONE