CVE-2006-4908 - OSU 3.11alpha and 3.10a allows remote attackers to obtain sensitive information via a URL containing

CVE-2006-4908

Summary

OSU 3.11alpha and 3.10a allows remote attackers to obtain sensitive information via a URL containing an * (asterisk) wildcard, which displays all matching file and directory information.

References

Vulnerable Configurations

cpe:2.3:a:ohio_state_university:osu_httpd:3.10a:*:*:*:*:*:*:*
cpe:2.3:a:ohio_state_university:osu_httpd:3.10a:*:*:*:*:*:*:*
cpe:2.3:a:ohio_state_university:osu_httpd:3.11alpha:*:*:*:*:*:*:*
cpe:2.3:a:ohio_state_university:osu_httpd:3.11alpha:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 17-10-2018 - 21:40)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:P/A:N

refmap via4

bugtraq	20060918 [RLSA_02-2006] OSU httpd for OpenVMS path and directory disclosure - is this a bug or a feature?
secunia	22016
sreason	1622
xf	osu-httpd-wildcard-information-disclosure(29032)

Last major update

17-10-2018 - 21:40

Published

21-09-2006 - 00:07

Last modified

17-10-2018 - 21:40