var-200910-0131
Vulnerability from variot
InterVations NaviCOPA Web Server 3.01 allows remote attackers to obtain the source code for a web page via an HTTP request with the addition of ::$DATA after the HTML file name. NaviCOPA Web Server is a web server installed on a Windows system that automatically configures HTTP access. NaviCOPA Web Server is prone to a remote buffer-overflow vulnerability and an information-disclosure vulnerability because the application fails to properly bounds-check or validate user-supplied input. Successful exploits of the buffer-overflow issue may lead to the execution of arbitrary code in the context of the application or to denial-of-service conditions. Also, attackers can exploit the information-disclosure issue to retrieve arbitrary source code in the context of the webserver process. Information harvested may aid in further attacks. The CB Resume Builder ('com_cbresumebuilder') component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability intelligence source on the market.
Implement it through Secunia.
Input passed via the "group_id" parameter to index.php (if "option" is set to "com_cbresumebuilder" and "task" is set to "group_member") is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
SOLUTION: Edit the source code to ensure that input is properly sanitised. ----------------------------------------------------------------------
Did you know that a change in our assessment rating, exploit code availability, or if an updated patch is released by the vendor, is not part of this mailing-list?
Click here to learn more: http://secunia.com/advisories/business_solutions/
TITLE: NaviCOPA Script Source Disclosure and Buffer Overflow Vulnerabilities
SECUNIA ADVISORY ID: SA33766
VERIFY ADVISORY: http://secunia.com/advisories/33766/
CRITICAL: Highly critical
IMPACT: Exposure of sensitive information, DoS, System access
WHERE:
From remote
SOFTWARE: NaviCOPA 3.x http://secunia.com/advisories/product/21322/
DESCRIPTION: e.wiZz! has discovered two vulnerabilities in NaviCOPA, which can be exploited by malicious people to disclose potentially sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.
1) A boundary error in the processing of HTTP requests can be exploited to cause a heap-based buffer overflow via an overly long HTTP GET request. PHP scripts via specially crafted requests containing e.g. dot characters.
The vulnerabilities are confirmed in version 3.01.
SOLUTION: Restrict access to trusted users only.
PROVIDED AND/OR DISCOVERED BY: e.wiZz!
ORIGINAL ADVISORY: http://milw0rm.com/exploits/7966
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200910-0131",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "navicopa web server",
"scope": "eq",
"trust": 3.0,
"vendor": "intervations",
"version": "3.01"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "no",
"version": null
},
{
"model": "cb resume builder",
"scope": "eq",
"trust": 0.3,
"vendor": "joomlacache",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2009-0590"
},
{
"db": "BID",
"id": "79333"
},
{
"db": "BID",
"id": "33585"
},
{
"db": "BID",
"id": "36598"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-005046"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-168"
},
{
"db": "NVD",
"id": "CVE-2009-3646"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:intervations:navicopa_web_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-005046"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "79333"
}
],
"trust": 0.3
},
"cve": "CVE-2009-3646",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2009-3646",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CNVD-2009-0590",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-3646",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2009-3646",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2009-0590",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200910-168",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2009-0590"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-005046"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-168"
},
{
"db": "NVD",
"id": "CVE-2009-3646"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "InterVations NaviCOPA Web Server 3.01 allows remote attackers to obtain the source code for a web page via an HTTP request with the addition of ::$DATA after the HTML file name. NaviCOPA Web Server is a web server installed on a Windows system that automatically configures HTTP access. NaviCOPA Web Server is prone to a remote buffer-overflow vulnerability and an information-disclosure vulnerability because the application fails to properly bounds-check or validate user-supplied input. \nSuccessful exploits of the buffer-overflow issue may lead to the execution of arbitrary code in the context of the application or to denial-of-service conditions. Also, attackers can exploit the information-disclosure issue to retrieve arbitrary source code in the context of the webserver process. Information harvested may aid in further attacks. The CB Resume Builder (\u0027com_cbresumebuilder\u0027) component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. \nExploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. ----------------------------------------------------------------------\n\nDo you have VARM strategy implemented?\n\n(Vulnerability Assessment Remediation Management) \n\nIf not, then implement it through the most reliable vulnerability\nintelligence source on the market. \n\nImplement it through Secunia. \n\nInput passed via the \"group_id\" parameter to index.php (if \"option\"\nis set to \"com_cbresumebuilder\" and \"task\" is set to \"group_member\")\nis not properly sanitised before being used in an SQL query. This can\nbe exploited to manipulate SQL queries by injecting arbitrary SQL\ncode. \n\nSOLUTION:\nEdit the source code to ensure that input is properly sanitised. ----------------------------------------------------------------------\n\nDid you know that a change in our assessment rating, exploit code\navailability, or if an updated patch is released by the vendor, is\nnot part of this mailing-list?\n\nClick here to learn more:\nhttp://secunia.com/advisories/business_solutions/\n\n----------------------------------------------------------------------\n\nTITLE:\nNaviCOPA Script Source Disclosure and Buffer Overflow Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA33766\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/33766/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nExposure of sensitive information, DoS, System access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nNaviCOPA 3.x\nhttp://secunia.com/advisories/product/21322/\n\nDESCRIPTION:\ne.wiZz! has discovered two vulnerabilities in NaviCOPA, which can be\nexploited by malicious people to disclose potentially sensitive\ninformation, cause a DoS (Denial of Service), or potentially\ncompromise a vulnerable system. \n\n1) A boundary error in the processing of HTTP requests can be\nexploited to cause a heap-based buffer overflow via an overly long\nHTTP GET request. PHP scripts via specially crafted\nrequests containing e.g. dot characters. \n\nThe vulnerabilities are confirmed in version 3.01. \n\nSOLUTION:\nRestrict access to trusted users only. \n\nPROVIDED AND/OR DISCOVERED BY:\ne.wiZz!\n\nORIGINAL ADVISORY:\nhttp://milw0rm.com/exploits/7966\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-3646"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-005046"
},
{
"db": "CNVD",
"id": "CNVD-2009-0590"
},
{
"db": "BID",
"id": "79333"
},
{
"db": "BID",
"id": "33585"
},
{
"db": "BID",
"id": "36598"
},
{
"db": "PACKETSTORM",
"id": "81825"
},
{
"db": "PACKETSTORM",
"id": "74658"
}
],
"trust": 3.15
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-3646",
"trust": 2.7
},
{
"db": "SECUNIA",
"id": "33766",
"trust": 1.8
},
{
"db": "EXPLOIT-DB",
"id": "9694",
"trust": 1.3
},
{
"db": "OSVDB",
"id": "58386",
"trust": 1.0
},
{
"db": "BID",
"id": "33585",
"trust": 0.9
},
{
"db": "BID",
"id": "36598",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2009-005046",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "36954",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2009-0590",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200910-168",
"trust": 0.6
},
{
"db": "XF",
"id": "53278",
"trust": 0.3
},
{
"db": "BID",
"id": "79333",
"trust": 0.3
},
{
"db": "PACKETSTORM",
"id": "81825",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "7966",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "74658",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2009-0590"
},
{
"db": "BID",
"id": "79333"
},
{
"db": "BID",
"id": "33585"
},
{
"db": "BID",
"id": "36598"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-005046"
},
{
"db": "PACKETSTORM",
"id": "81825"
},
{
"db": "PACKETSTORM",
"id": "74658"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-168"
},
{
"db": "NVD",
"id": "CVE-2009-3646"
}
]
},
"id": "VAR-200910-0131",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2009-0590"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2009-0590"
}
]
},
"last_update_date": "2024-11-23T21:47:44.213000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.navicopa.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-005046"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-005046"
},
{
"db": "NVD",
"id": "CVE-2009-3646"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "http://www.exploit-db.com/exploits/9694"
},
{
"trust": 1.0,
"url": "http://secunia.com/advisories/33766"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53278"
},
{
"trust": 1.0,
"url": "http://www.osvdb.org/58386"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3646"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-3646"
},
{
"trust": 0.7,
"url": "http://secunia.com/advisories/33766/"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/36598"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/36954"
},
{
"trust": 0.6,
"url": "http://packetstormsecurity.org/0910-exploits/joomlacbrb-sql.txt"
},
{
"trust": 0.3,
"url": "http://www.milw0rm.com/exploits/9694"
},
{
"trust": 0.3,
"url": "http://xforce.iss.net/xforce/xfdb/53278"
},
{
"trust": 0.3,
"url": "http://www.navicopa.com/"
},
{
"trust": 0.3,
"url": "/archive/1/500626"
},
{
"trust": 0.3,
"url": "http://www.joomlacache.com/"
},
{
"trust": 0.3,
"url": "http://docs.joomla.org/vulnerable_extensions_list#new_format_feed_starts_here"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/36954/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/product/21322/"
},
{
"trust": 0.1,
"url": "http://milw0rm.com/exploits/7966"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2009-0590"
},
{
"db": "BID",
"id": "79333"
},
{
"db": "BID",
"id": "33585"
},
{
"db": "BID",
"id": "36598"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-005046"
},
{
"db": "PACKETSTORM",
"id": "81825"
},
{
"db": "PACKETSTORM",
"id": "74658"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-168"
},
{
"db": "NVD",
"id": "CVE-2009-3646"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2009-0590"
},
{
"db": "BID",
"id": "79333"
},
{
"db": "BID",
"id": "33585"
},
{
"db": "BID",
"id": "36598"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-005046"
},
{
"db": "PACKETSTORM",
"id": "81825"
},
{
"db": "PACKETSTORM",
"id": "74658"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-168"
},
{
"db": "NVD",
"id": "CVE-2009-3646"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-02-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2009-0590"
},
{
"date": "2009-10-09T00:00:00",
"db": "BID",
"id": "79333"
},
{
"date": "2009-02-03T00:00:00",
"db": "BID",
"id": "33585"
},
{
"date": "2009-10-05T00:00:00",
"db": "BID",
"id": "36598"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-005046"
},
{
"date": "2009-10-06T15:00:18",
"db": "PACKETSTORM",
"id": "81825"
},
{
"date": "2009-02-04T15:44:25",
"db": "PACKETSTORM",
"id": "74658"
},
{
"date": "2009-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200910-168"
},
{
"date": "2009-10-09T14:30:00.377000",
"db": "NVD",
"id": "CVE-2009-3646"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2009-0590"
},
{
"date": "2009-10-09T00:00:00",
"db": "BID",
"id": "79333"
},
{
"date": "2009-08-25T00:52:00",
"db": "BID",
"id": "33585"
},
{
"date": "2010-02-11T18:01:00",
"db": "BID",
"id": "36598"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-005046"
},
{
"date": "2009-10-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200910-168"
},
{
"date": "2024-11-21T01:07:53.037000",
"db": "NVD",
"id": "CVE-2009-3646"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "79333"
},
{
"db": "BID",
"id": "33585"
},
{
"db": "BID",
"id": "36598"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "InterVations NaviCOPA Web Server In Web Vulnerability to get page source code",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-005046"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200910-168"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…