PT-2005-5091 · Red Queen · Red Queen

Published

2005-12-20

Updated

2011-03-08

CVE-2005-4405

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Red Queen versions 1.02 and earlier

Description The issue allows remote attackers to obtain the full server path via invalid parameters, including yellowpage id, skin id, supplier id, and module, which leaks the path in an error message.

Recommendations For Red Queen versions 1.02 and earlier, consider restricting access to the redqueen.cgi script until a fix is available. As a temporary workaround, avoid using invalid parameters in the affected script to minimize the risk of path disclosure.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-4405

Affected Products

Red Queen

PT-2005-5091 · Red Queen · Red Queen

CVE-2005-4405

Related Identifiers

Affected Products

References · 4