PT-2005-5075 · Contens · Contens

Published

2005-12-20

Updated

2017-07-20

CVE-2005-4389

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions CONTENS versions 3.0 and earlier

Description The issue allows remote attackers to obtain the full server path via invalid parameters. Specifically, the affected parameters are submit.y, bool, itemsperpage, submit, submit.x, criteria, advanced, and intern.

Recommendations For CONTENS versions 3.0 and earlier, as a temporary workaround, consider restricting access to the "search.cfm" page until a patch is available. Avoid using the parameters submit.y, bool, itemsperpage, submit, submit.x, criteria, advanced, and intern in the affected page until the issue is resolved.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-4389

Affected Products

Contens

PT-2005-5075 · Contens · Contens

CVE-2005-4389

Related Identifiers

Affected Products

References · 6