CVE-2010-0976 - OpenCVE

Acidcat CMS 3.5.x does not prevent access to install.asp after installation finishes, which might allow remote attackers to restart the installation process and have unspecified other impact via requests to install.asp and other install_*.asp scripts. NOTE: the final installation screen states "Important: you must now delete all files beginning with 'install' from the root directory."

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Acidcat	Acidcat Cms

Configuration 1 [-]

OR	cpe:2.3:a:acidcat:acidcat_cms:3.5.0:::::::*
	cpe:2.3:a:acidcat:acidcat_cms:3.5.1:::::::*
	cpe:2.3:a:acidcat:acidcat_cms:3.5.2:::::::*
	cpe:2.3:a:acidcat:acidcat_cms:3.5.3:::::::*

References

Link	Resource
http://packetstormsecurity.org/1001-exploits/acidcatcms-disclose.txt	Exploit
http://www.exploit-db.com/exploits/10972
https://exchange.xforce.ibmcloud.com/vulnerabilities/55331

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2010-03-16T19:00:00

Updated: 2017-08-16T14:57:01

Reserved: 2010-03-16T00:00:00

Link: CVE-2010-0976

JSON object: View

NVD Information

Status : Modified

Published: 2010-03-16T19:30:00.493

Modified: 2017-08-17T01:32:12.040

Link: CVE-2010-0976

JSON object: View

Redhat Information

No data.

CWE

CWE-264

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-01-03T00:00:00", "descriptions": [{"lang": "en", "value": "Acidcat CMS 3.5.x does not prevent access to install.asp after installation finishes, which might allow remote attackers to restart the installation process and have unspecified other impact via requests to install.asp and other install_*.asp scripts. NOTE: the final installation screen states \"Important: you must now delete all files beginning with 'install' from the root directory.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "acidcat-install-info-disclosure(55331)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55331"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.org/1001-exploits/acidcatcms-disclose.txt"}, {"name": "10972", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "http://www.exploit-db.com/exploits/10972"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-0976", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Acidcat CMS 3.5.x does not prevent access to install.asp after installation finishes, which might allow remote attackers to restart the installation process and have unspecified other impact via requests to install.asp and other install_*.asp scripts. NOTE: the final installation screen states \"Important: you must now delete all files beginning with 'install' from the root directory.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "acidcat-install-info-disclosure(55331)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55331"}, {"name": "http://packetstormsecurity.org/1001-exploits/acidcatcms-disclose.txt", "refsource": "MISC", "url": "http://packetstormsecurity.org/1001-exploits/acidcatcms-disclose.txt"}, {"name": "10972", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/10972"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-0976", "datePublished": "2010-03-16T19:00:00", "dateReserved": "2010-03-16T00:00:00", "dateUpdated": "2017-08-16T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:acidcat:acidcat_cms:3.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "64D1AC55-4A21-44E9-AAB3-360F795DBCF3", "vulnerable": true}, {"criteria": "cpe:2.3:a:acidcat:acidcat_cms:3.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E1F5328F-D230-4CD9-AAAA-DBE924ED91EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:acidcat:acidcat_cms:3.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "257D0C22-7893-489C-85F3-586D55265759", "vulnerable": true}, {"criteria": "cpe:2.3:a:acidcat:acidcat_cms:3.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "9AAE4867-ED75-46B8-8E17-66527D753110", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Acidcat CMS 3.5.x does not prevent access to install.asp after installation finishes, which might allow remote attackers to restart the installation process and have unspecified other impact via requests to install.asp and other install_*.asp scripts. NOTE: the final installation screen states \"Important: you must now delete all files beginning with 'install' from the root directory.\""}, {"lang": "es", "value": "Acidcat CMS v3.5.x no previene el acceso a install.asp despu\u00e9s de finalizada la instalaci\u00f3n, lo que puede permitir a atacantes remotos retomar el proceso de instalaci\u00f3n y producir otro impactos no especificados a trav\u00e9s de peticiones a install.asp y otros c\u00f3digos en install_*.asp. NOTA: La pantalla final de la instalaci\u00f3n \"Importante: Debe borrar todos los archivos iniciales con 'install' desde el directorio root\"."}], "id": "CVE-2010-0976", "lastModified": "2017-08-17T01:32:12.040", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-03-16T19:30:00.493", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://packetstormsecurity.org/1001-exploits/acidcatcms-disclose.txt"}, {"source": "cve@mitre.org", "url": "http://www.exploit-db.com/exploits/10972"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55331"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}