CVE-2005-3551 - OpenCVE

toendaCMS before 0.6.2 stores user account and session data in the web root directory, which allows remote attackers to obtain sensitive information via a direct request to the appropriate XML file.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Toenda Software Development	Toendacms

Configuration 1 [-]

cpe:2.3:a:toenda_software_development:toendacms:*:*:*:*:*:*:*:*

References

Link	Resource
http://secunia.com/advisories/17471	Patch Vendor Advisory
http://www.securityfocus.com/archive/1/415975/30/0/threaded
http://www.vupen.com/english/advisories/2005/2343

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2005-11-16T07:37:00

Updated: 2018-10-19T14:57:01

Reserved: 2005-11-16T00:00:00

Link: CVE-2005-3551

JSON object: View

NVD Information

Status : Modified

Published: 2005-11-16T07:42:00.000

Modified: 2018-10-19T15:37:03.003

Link: CVE-2005-3551

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-11-07T00:00:00", "descriptions": [{"lang": "en", "value": "toendaCMS before 0.6.2 stores user account and session data in the web root directory, which allows remote attackers to obtain sensitive information via a direct request to the appropriate XML file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "17471", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/17471"}, {"name": "ADV-2005-2343", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2005/2343"}, {"name": "20051107 SEC Consult SA-20051107-0 :: toendaCMS multiple vulnerabilites", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/415975/30/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3551", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "toendaCMS before 0.6.2 stores user account and session data in the web root directory, which allows remote attackers to obtain sensitive information via a direct request to the appropriate XML file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "17471", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17471"}, {"name": "ADV-2005-2343", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/2343"}, {"name": "20051107 SEC Consult SA-20051107-0 :: toendaCMS multiple vulnerabilites", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/415975/30/0/threaded"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3551", "datePublished": "2005-11-16T07:37:00", "dateReserved": "2005-11-16T00:00:00", "dateUpdated": "2018-10-19T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}