CVE-2004-1572 - AJ-Fork 167 does not restrict access to directories such as (1) data, (2) inc, (3) plugins, (4) skin

CVE-2004-1572

Summary

AJ-Fork 167 does not restrict access to directories such as (1) data, (2) inc, (3) plugins, (4) skins, or (5) tools, which allows remote attackers to list files in those directories via a direct HTTP request.

References

http://echo.or.id/adv/adv07-y3dips-2004.txt
http://marc.info/?l=bugtraq&m=109664986210763&w=2
http://securitytracker.com/id?1011484
http://www.securityfocus.com/bid/11301
https://exchange.xforce.ibmcloud.com/vulnerabilities/17569

Vulnerable Configurations

cpe:2.3:a:aj-fork:aj-fork:167:*:*:*:*:*:*:*
cpe:2.3:a:aj-fork:aj-fork:167:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 11-07-2017 - 01:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bid	11301
bugtraq	20041001 Multiple Vulnerabilities in AJ-Fork
misc	http://echo.or.id/adv/adv07-y3dips-2004.txt
sectrack	1011484
xf	af-fork-directory-disclosure(17569)

Last major update

11-07-2017 - 01:31

Published

31-12-2004 - 05:00

Last modified

11-07-2017 - 01:31