PT-2005-5517 · Ez Systems · Ez Publish

Published: 2005-12-31 · Updated: 2015-07-28 · CVE-2005-4856

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions: eZ publish versions 3.5 through 3.5.6; eZ publish versions 3.6 through 3.6.4; eZ publish versions 3.7 through 3.7.2; eZ publish versions 3.8 before 20051110.
Description: The admin interface does not properly handle authorization errors. This allows remote attackers to obtain sensitive information and to see the admin page layout and associated templates via a request with incorrect URL parameters, such as anything appended after the URL or a wrong URL.
Recommendations: For eZ publish versions 3.5 through 3.5.6, update to version 3.5.7 or later. For eZ publish versions 3.6 through 3.6.4, update to version 3.6.5 or later. For eZ publish versions 3.7 through 3.7.2, update to version 3.7.3 or later. For eZ publish versions 3.8 before 20051110, update to a version released on or after 20051110.

Fix

Weakness Enumeration

Related Identifiers

CVE-2005-4856

Affected Products

Ez Publish