Vulnerability Details CVE-2004-2518
Gattaca Server 2003 1.1.10.0 allows remote attackers to obtain sensitive information via (1) a trailing null byte ("%00") to a URL or (2) an invalid LANGUAGE parameter to web.tmpl, which reveals the full installation path in an error message.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.062
EPSS Ranking 90.5%
CVSS Severity
CVSS v2 Score 5.0
References
- http://members.lycos.co.uk/r34ct/main/Gattaca%20Server%202003.txt
- http://secunia.com/advisories/12071
- http://securitytracker.com/id?1010703
- http://www.gattaca-server.com/cgi-bin/yabb/YaBB.pl?board=gattaca_discussion%3Baction=display%3Bnum=1091194176%3Bstart=0#0
- http://www.osvdb.org/7922
- http://www.osvdb.org/7923
- http://www.securityfocus.com/bid/10729
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16699
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16700
- http://members.lycos.co.uk/r34ct/main/Gattaca%20Server%202003.txt
- http://secunia.com/advisories/12071
- http://securitytracker.com/id?1010703
- http://www.gattaca-server.com/cgi-bin/yabb/YaBB.pl?board=gattaca_discussion%3Baction=display%3Bnum=1091194176%3Bstart=0#0
- http://www.osvdb.org/7922
- http://www.osvdb.org/7923
- http://www.securityfocus.com/bid/10729
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16699
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16700
Products affected by CVE-2004-2518
-
cpe:2.3:o:geeos_team:gattaca_server_2003:1.1.10.0