ID CVE-2004-2061
Summary RiSearch 1.0.01 and RiSearch Pro 3.2.06 allow remote attackers to use the show.pl script as an open proxy, or read arbitrary local files, by setting the url parameter to a (1) http://, (2) ftp://, or (3) file:// URL.
References
Vulnerable Configurations
  • cpe:2.3:a:risearch:risearch:1.0.01:*:*:*:*:*:*:*
  • cpe:2.3:a:risearch:risearch_pro:3.2.6:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 08-02-2024 - 19:56)
Impact:
Exploitability:
CWE CWE-918
CAPEC
Access
Vector   Complexity  Authentication
NETWORK  LOW         NONE
Impact
Confidentiality  Integrity  Availability
PARTIAL          PARTIAL    PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 10812
bugtraq 20040727 IRM 009: RiSearch and RiSearch ProPro are vulnerable to open FTP/HTTP proxy, directory listings and file disclosure vulnerabilities
osvdb
  • 8265
  • 8266
sectrack 1010788
secunia 12173
xf risearch-show-open-proxy(16817)
Last major update 08-02-2024 - 19:56
Published 27-07-2004 - 04:00
Last modified 08-02-2024 - 19:56