| CVE-2002-1736 |
|
发布时间 :2002-12-31 00:00:00 |
| 修订时间 :2008-09-05 16:31:23 |
| NMCO |
|
|
[原文]Unknown vulnerability in CGINews before 1.06 allow remote attackers to read arbitrary files via "unfiltered user input."
[CNNVD]CGINews读取任意文件漏洞(CNNVD-200212-862)
CGINews 1.06以前版本存在未知漏洞。远程攻击者借助“未筛选的用户输入”读取任意文件。
-
CVSS (基础分值)
| CVSS分值: |
5 |
[中等(MEDIUM)] |
| 机密性影响: |
PARTIAL |
[很可能造成信息泄露] |
| 完整性影响: |
NONE |
[不会对系统完整性产生影响] |
| 可用性影响: |
NONE |
[对系统可用性无影响] |
| 攻击复杂度: |
LOW |
[漏洞利用没有访问限制 ] |
| 攻击向量: |
|
[--] |
| 身份认证: |
NONE |
[漏洞利用无需身份认证] |
-
CPE (受影响的平台与产品)
-
OVAL (用于检测的技术细节)
-
官方数据库链接
-
其它链接及资源
-
漏洞信息
|
CGINews读取任意文件漏洞 |
| 中危 |
未知 |
| 2002-12-31 00:00:00 |
2005-10-20 00:00:00 |
| 远程 |
|
|
CGINews 1.06以前版本存在未知漏洞。远程攻击者借助“未筛选的用户输入”读取任意文件。
|
-
公告与补丁
-
漏洞信息
|
37192 |
|
CGINews Unspecified Arbitrary File Disclosure |
|
|
Information Disclosure |
| Loss of Confidentiality |
Upgrade |
|
Vendor Verified |
-
漏洞描述
-
时间线
|
2002-02-10 |
Unknow |
| Unknow |
Unknow |
-
解决方案
| Upgrade to version 1.06 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds. |
-
相关参考
-
漏洞作者
We must accept finite disappointment, but we must never lose infinite hope.