CVE-2004-0355
CVSS5.0
发布时间 :2004-11-23 00:00:00
修订时间 :2016-10-17 22:44:30
NMCOS    

[原文]Invision Power Board 1.3 Final allows remote attackers to gain sensitive information by selecting a file for "Personal Photo" that is not an image file, which displays the installation path in an error message.


[CNNVD]Invision Power Board错误消息路径泄露漏洞(CNNVD-200411-094)

        
        Invision Power Board是一款流行的论坛程序。
        Invision Power Board在的上传文件功能存在问题,远程攻击者可以利用这个漏洞获得软件安装路径信息。
        在论坛中的"My Controls"中,用户可以更改个人照片,这可通过如下URL访问:
        http://www.example.com/forum/index.php?act=UserCP&CODE=photo
        如果用户上传的一个文件名不是实际的图象文件,并点击上传图片按钮,PHP就会返回如下错误消息:
        "Warning: getimagesize(): Read error! in
        /home/admin/public_html/forum/sources/lib/usercp_functions.php
        on line 192"
        可导致敏感信息泄露。
        

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0355
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0355
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200411-094
(官方数据源) CNNVD

- 其它链接及资源

http://marc.info/?l=bugtraq&m=107850510428567&w=2
(UNKNOWN)  BUGTRAQ  20040305 Invision Power Board 1.3 Final Path Disclosure Vulnerability
http://www.securityfocus.com/bid/9810
(VENDOR_ADVISORY)  BID  9810
http://xforce.iss.net/xforce/xfdb/15400
(VENDOR_ADVISORY)  XF  invision-invalid-path-disclosure(15400)

- 漏洞信息

Invision Power Board错误消息路径泄露漏洞
中危 设计错误
2004-11-23 00:00:00 2005-10-20 00:00:00
远程  
        
        Invision Power Board是一款流行的论坛程序。
        Invision Power Board在的上传文件功能存在问题,远程攻击者可以利用这个漏洞获得软件安装路径信息。
        在论坛中的"My Controls"中,用户可以更改个人照片,这可通过如下URL访问:
        http://www.example.com/forum/index.php?act=UserCP&CODE=photo
        如果用户上传的一个文件名不是实际的图象文件,并点击上传图片按钮,PHP就会返回如下错误消息:
        "Warning: getimagesize(): Read error! in
        /home/admin/public_html/forum/sources/lib/usercp_functions.php
        on line 192"
        可导致敏感信息泄露。
        

- 公告与补丁

        厂商补丁:
        Invision PS
        -----------
        目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
        
        http://www.invisionboard.com/

- 漏洞信息

6728
Invision Power Board Crafted Personal Photo Path Disclosure
Remote / Network Access Information Disclosure
Loss of Confidentiality
Exploit Public

- 漏洞描述

Invision Power Board contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when suppling an invalid character in the upload field for "Change Personal Photo" option, which will disclose the physical path of the Web server, resulting in a loss of confidentiality.

- 时间线

2004-03-05 Unknow
2004-03-05 Unknow

- 解决方案

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

- 相关参考

- 漏洞作者

- 漏洞信息

Invision Power Board Error Message Path Disclosure Vulnerability
Design Error 9810
Yes No
2004-03-05 12:00:00 2009-07-12 03:06:00
The disclosure of this issue has been credited to JeiAr of the GulfTech Security Research Team.

- 受影响的程序版本

Invision Power Services Invision Board 1.3

- 漏洞讨论

It has been reported that Invision Power Board may be prone to an information disclosure vulnerability that may allow an attacker to disclose the installation path. This issue can be exploited by issuing an invalid request for uploading an image file. The path is reportedly included in an error message displayed by the server.

Invision Board version 1.3 is reported to be vulnerable to this issue; however, it is possible that other versions are affected as well.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 解决方案

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站