CVE-2006-4907 - OSU 3.11alpha and 3.10a allows remote attackers to obtain sensitive information via a URL to a non-e

CVE-2006-4907

Summary

OSU 3.11alpha and 3.10a allows remote attackers to obtain sensitive information via a URL to a non-existent file, which displays the web root path in the resulting error message.

References

Vulnerable Configurations

cpe:2.3:a:ohio_state_university:osu_httpd:3.10a:*:*:*:*:*:*:*
cpe:2.3:a:ohio_state_university:osu_httpd:3.10a:*:*:*:*:*:*:*
cpe:2.3:a:ohio_state_university:osu_httpd:3.11alpha:*:*:*:*:*:*:*
cpe:2.3:a:ohio_state_university:osu_httpd:3.11alpha:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 17-10-2018 - 21:40)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bugtraq	20060918 [RLSA_02-2006] OSU httpd for OpenVMS path and directory disclosure - is this a bug or a feature?
secunia	22016
sreason	1602
xf	osu-httpd-error-path-disclosure(29031)

Last major update

17-10-2018 - 21:40

Published

21-09-2006 - 00:07

Last modified

17-10-2018 - 21:40