PT-2009-1149 · Jax · Jax Guestbook

Lostmon · Published 2009-03-31 · Updated 2009-03-31 · CVE-2005-4880

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Jax Guestbook versions 3.1 through 3.31

Description: The issue allows remote attackers to obtain the IP addresses of guestbook users because of insufficient access control. The data is stored under the web root and can be retrieved by a direct request to various endpoints, including "guestbook", "guestbook ips2block", "ips2block", and "formmailer/logfile.csv".

Recommendations: For versions 3.1 through 3.31, restrict access to the sensitive information stored under the web root so that remote attackers cannot obtain user IP addresses, and implement proper access controls for the affected endpoints. As a temporary workaround, restrict direct requests to the "guestbook", "guestbook ips2block", "ips2block", and "formmailer/logfile.csv" endpoints until a proper fix is applied.

Related Identifiers: CVE-2005-4880

Affected Products: Jax Guestbook