Vulnerability Details CVE-2005-1055
TowerBlog 0.6 and earlier stores the login data file under the web root, which allows remote attackers to obtain the MD5 checksums of the username and password via a direct request to the _dat/login file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 76.9%
CVSS Severity
CVSS v2 Score 7.5
References
- http://marc.info/?l=bugtraq&m=111323802003019&w=2
- http://secunia.com/advisories/14884
- http://securitytracker.com/id?1013675
- http://www.osvdb.org/15425
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20039
- http://marc.info/?l=bugtraq&m=111323802003019&w=2
- http://secunia.com/advisories/14884
- http://securitytracker.com/id?1013675
- http://www.osvdb.org/15425
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20039
Products affected by CVE-2005-1055
-
cpe:2.3:a:towerblog:towerblog:0.2
-
cpe:2.3:a:towerblog:towerblog:0.4_r1
-
cpe:2.3:a:towerblog:towerblog:0.6
-
cpe:2.3:a:towerblog:towerblog:0.6_r1