ID CVE-2004-1219
Summary paFileDB 3.1, when using sessions authentication and while the administrator logs on, allows remote attackers to read the administrator's password hash and conduct brute force password guessing attacks by listing the contents of the sessions directory and reading the associated file for the administrator session.
References
Vulnerable Configurations
  • cpe:2.3:a:php_arena:pafiledb:3.1:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 11-07-2017 - 01:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
refmap via4
bid 11818
bugtraq 20041207 Multiple Vulnerabilities in paFileDB 3.1
misc http://echo.or.id/adv/adv09-y3dips-2004.txt
xf pafiledb-session-information-disclosure(18364)
Last major update 11-07-2017 - 01:30
Published 10-01-2005 - 05:00
Last modified 11-07-2017 - 01:30