Vulnerability Details CVE-2004-2353
BugPort before 1.099 stores its configuration file (conf/config.conf) under the web document root with a file extension that is not normally parsed by web servers, which allows remote attackers to obtain sensitive information.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 57.2%
CVSS Severity
CVSS v2 Score 5.0
References
- http://secunia.com/advisories/10785/
- http://www.incogen.com/downloads/bugport/CHANGELOG.txt
- http://www.securityfocus.com/bid/9542
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15030
- http://secunia.com/advisories/10785/
- http://www.incogen.com/downloads/bugport/CHANGELOG.txt
- http://www.securityfocus.com/bid/9542
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15030
Products affected by CVE-2004-2353
-
cpe:2.3:a:incogen:bugport:1.090
-
cpe:2.3:a:incogen:bugport:1.091
-
cpe:2.3:a:incogen:bugport:1.092
-
cpe:2.3:a:incogen:bugport:1.093
-
cpe:2.3:a:incogen:bugport:1.094
-
cpe:2.3:a:incogen:bugport:1.095
-
cpe:2.3:a:incogen:bugport:1.096
-
cpe:2.3:a:incogen:bugport:1.097
-
cpe:2.3:a:incogen:bugport:1.098