var-200808-0340
Vulnerability from variot
Vtiger CRM before 5.0.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read mail merge templates via a direct request to the wordtemplatedownload directory. vtiger CRM is prone to an information-disclosure vulnerability because the application fails to properly sanitize user-supplied input. A remote attacker may exploit this vulnerability to retrieve arbitrary files that may contain potentially sensitive information. Information harvested may be used in further attacks. This issue affects versions prior to vtiger CRM 5.0.4 RC. Vtiger CRM is an open source web-based customer relationship management system (CRM) based on Sales Force Automation (SFA).
A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched.
Download and test it today: https://psi.secunia.com/
Read more about this new version: https://psi.secunia.com/?page=changelog
TITLE: vtiger CRM File Disclosure Vulnerability
SECUNIA ADVISORY ID: SA28370
VERIFY ADVISORY: http://secunia.com/advisories/28370/
CRITICAL: Moderately critical
IMPACT: Exposure of sensitive information
WHERE:
From remote
SOFTWARE: vtiger CRM 5.x http://secunia.com/product/14762/
DESCRIPTION: A vulnerability has been reported in vtiger CRM, which can be exploited by malicious people to disclose potentially sensitive information.
The vulnerability is caused due to the application not correctly restricting access to e.g. the /test/wordtemplatedownload directory, which can be exploited to list and download directory contents.
SOLUTION: Restrict access to affected directories (e.g. via ".htaccess"). Renaming this file to ".htaccess" prohibits the listing of directory content.
PROVIDED AND/OR DISCOVERED BY: Reported in a bug by "pieper".
ORIGINAL ADVISORY: http://sourceforge.net/project/shownotes.php?release_id=567189
Bug #2107: http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2107
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200808-0340",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "crm",
"scope": "lte",
"trust": 1.0,
"vendor": "vtiger",
"version": "5.0.3"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.9,
"vendor": "vtiger",
"version": "5.0.3"
},
{
"model": "crm",
"scope": "lt",
"trust": 0.8,
"vendor": "vtiger",
"version": "5.0.4"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.3,
"vendor": "vtiger",
"version": "4.2.4"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.3,
"vendor": "vtiger",
"version": "4.2"
},
{
"model": "crm rc",
"scope": "ne",
"trust": 0.3,
"vendor": "vtiger",
"version": "5.0.4"
}
],
"sources": [
{
"db": "BID",
"id": "27228"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003712"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-046"
},
{
"db": "NVD",
"id": "CVE-2008-3458"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:vtiger:vtiger_crm",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-003712"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "pieper is credited with discovering this issue.",
"sources": [
{
"db": "BID",
"id": "27228"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-046"
}
],
"trust": 0.9
},
"cve": "CVE-2008-3458",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2008-3458",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-33583",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2008-3458",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2008-3458",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200808-046",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-33583",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2008-3458",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-33583"
},
{
"db": "VULMON",
"id": "CVE-2008-3458"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003712"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-046"
},
{
"db": "NVD",
"id": "CVE-2008-3458"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vtiger CRM before 5.0.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read mail merge templates via a direct request to the wordtemplatedownload directory. vtiger CRM is prone to an information-disclosure vulnerability because the application fails to properly sanitize user-supplied input. \nA remote attacker may exploit this vulnerability to retrieve arbitrary files that may contain potentially sensitive information. Information harvested may be used in further attacks. \nThis issue affects versions prior to vtiger CRM 5.0.4 RC. Vtiger CRM is an open source web-based customer relationship management system (CRM) based on Sales Force Automation (SFA). \n\n----------------------------------------------------------------------\n\nA new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI\nhas been released. The new version includes many new and advanced\nfeatures, which makes it even easier to stay patched. \n\nDownload and test it today:\nhttps://psi.secunia.com/\n\nRead more about this new version:\nhttps://psi.secunia.com/?page=changelog\n\n----------------------------------------------------------------------\n\nTITLE:\nvtiger CRM File Disclosure Vulnerability\n\nSECUNIA ADVISORY ID:\nSA28370\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/28370/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nExposure of sensitive information\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nvtiger CRM 5.x\nhttp://secunia.com/product/14762/\n\nDESCRIPTION:\nA vulnerability has been reported in vtiger CRM, which can be\nexploited by malicious people to disclose potentially sensitive\ninformation. \n\nThe vulnerability is caused due to the application not correctly\nrestricting access to e.g. the /test/wordtemplatedownload directory,\nwhich can be exploited to list and download directory contents. \n\nSOLUTION:\nRestrict access to affected directories (e.g. via \".htaccess\"). Renaming\nthis file to \".htaccess\" prohibits the listing of directory content. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported in a bug by \"pieper\". \n\nORIGINAL ADVISORY:\nhttp://sourceforge.net/project/shownotes.php?release_id=567189\n\nBug #2107:\nhttp://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2107\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-3458"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003712"
},
{
"db": "BID",
"id": "27228"
},
{
"db": "VULHUB",
"id": "VHN-33583"
},
{
"db": "VULMON",
"id": "CVE-2008-3458"
},
{
"db": "PACKETSTORM",
"id": "62490"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-3458",
"trust": 2.9
},
{
"db": "BID",
"id": "27228",
"trust": 2.1
},
{
"db": "SECUNIA",
"id": "28370",
"trust": 1.9
},
{
"db": "OSVDB",
"id": "40218",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003712",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200808-046",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-33583",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2008-3458",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "62490",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-33583"
},
{
"db": "VULMON",
"id": "CVE-2008-3458"
},
{
"db": "BID",
"id": "27228"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003712"
},
{
"db": "PACKETSTORM",
"id": "62490"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-046"
},
{
"db": "NVD",
"id": "CVE-2008-3458"
}
]
},
"id": "VAR-200808-0340",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-33583"
}
],
"trust": 0.62916664
},
"last_update_date": "2024-11-23T21:56:46.134000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "2107",
"trust": 0.8,
"url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2107"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-003712"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-33583"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003712"
},
{
"db": "NVD",
"id": "CVE-2008-3458"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2107"
},
{
"trust": 1.9,
"url": "http://sourceforge.net/project/shownotes.php?release_id=567189"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/27228"
},
{
"trust": 1.8,
"url": "http://wiki.vtiger.com/index.php/vtiger_crm_5.0.4_-_release_notes"
},
{
"trust": 1.8,
"url": "http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/11811"
},
{
"trust": 1.8,
"url": "http://www.osvdb.org/40218"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/28370"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3458"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-3458"
},
{
"trust": 0.3,
"url": "http://www.vtiger.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/28370/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/?page=changelog"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14762/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-33583"
},
{
"db": "VULMON",
"id": "CVE-2008-3458"
},
{
"db": "BID",
"id": "27228"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003712"
},
{
"db": "PACKETSTORM",
"id": "62490"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-046"
},
{
"db": "NVD",
"id": "CVE-2008-3458"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-33583"
},
{
"db": "VULMON",
"id": "CVE-2008-3458"
},
{
"db": "BID",
"id": "27228"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003712"
},
{
"db": "PACKETSTORM",
"id": "62490"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-046"
},
{
"db": "NVD",
"id": "CVE-2008-3458"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-08-04T00:00:00",
"db": "VULHUB",
"id": "VHN-33583"
},
{
"date": "2008-08-04T00:00:00",
"db": "VULMON",
"id": "CVE-2008-3458"
},
{
"date": "2008-01-10T00:00:00",
"db": "BID",
"id": "27228"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-003712"
},
{
"date": "2008-01-10T22:33:57",
"db": "PACKETSTORM",
"id": "62490"
},
{
"date": "2008-08-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200808-046"
},
{
"date": "2008-08-04T19:41:00",
"db": "NVD",
"id": "CVE-2008-3458"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-22T00:00:00",
"db": "VULHUB",
"id": "VHN-33583"
},
{
"date": "2017-11-22T00:00:00",
"db": "VULMON",
"id": "CVE-2008-3458"
},
{
"date": "2015-05-07T17:33:00",
"db": "BID",
"id": "27228"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-003712"
},
{
"date": "2022-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200808-046"
},
{
"date": "2024-11-21T00:49:18.470000",
"db": "NVD",
"id": "CVE-2008-3458"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200808-046"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vtiger CRM Vulnerable to reading email merge templates",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-003712"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200808-046"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…