CVE-2005-4015 - PHP Web Statistik 1.4 does not rotate the log database or limit the size of the referer field, which

CVE-2005-4015

Summary

PHP Web Statistik 1.4 does not rotate the log database or limit the size of the referer field, which allows remote attackers to fill the log files via a large number of requests, as demonstrated using pixel.php.

References

http://cert.uni-stuttgart.de/archive/bugtraq/2005/11/msg00325.html
http://freewebstat.com/changelog-english.html
http://securityreason.com/securityalert/214
http://www.ush.it/2005/11/19/php-web-statistik/
https://exchange.xforce.ibmcloud.com/vulnerabilities/23386

Vulnerable Configurations

cpe:2.3:a:php_web:statistik:1.4:*:*:*:*:*:*:*
cpe:2.3:a:php_web:statistik:1.4:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 20-07-2017 - 01:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:P/A:N

refmap via4

bugtraq	20051128 Php Web Statistik Multiple Vulnerabilities
misc	http://freewebstat.com/changelog-english.html http://www.ush.it/2005/11/19/php-web-statistik/
sreason	214
xf	phpwebstatistik-disk-quota-dos(23386)

Last major update

20-07-2017 - 01:29

Published

05-12-2005 - 11:03

Last modified

20-07-2017 - 01:29