CVE-2005-3255

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

18/10/2005

Last modified:

05/09/2008

Description

The (1) cgiwrap and (2) php-cgiwrap packages before 3.9 in Debian GNU/Linux provide access to debugging CGIs under the web document root, which allows remote attackers to obtain sensitive information via direct requests to those CGIs.

Impact

Vector 2.0

AV:N/AC:L/Au:N/C:P/I:N/A:N CVSS v2.0 Severity and Metrics:

Base Score: 5.00 MEDIUM
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Attack Vector (AV): Network
Attack Complexity (AC): Low
Authentication (Au): None
Confidentiality (C): Physical
Integrity (I): None
Availability (A): None

Base Score 2.0

5.00

Severity 2.0

MEDIUM

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:a:nathan_neulinger:cgiwrap:1.0::debian_gnu_linux:::::
cpe:2.3:a:nathan_neulinger:cgiwrap:2.0::debian_gnu_linux:::::
cpe:2.3:a:nathan_neulinger:cgiwrap:2.1::debian_gnu_linux:::::
cpe:2.3:a:nathan_neulinger:cgiwrap:2.2::debian_gnu_linux:::::
cpe:2.3:a:nathan_neulinger:cgiwrap:2.3::debian_gnu_linux:::::
cpe:2.3:a:nathan_neulinger:cgiwrap:2.4::debian_gnu_linux:::::
cpe:2.3:a:nathan_neulinger:cgiwrap:2.5::debian_gnu_linux:::::
cpe:2.3:a:nathan_neulinger:cgiwrap:2.6::debian_gnu_linux:::::
cpe:2.3:a:nathan_neulinger:cgiwrap:2.7::debian_gnu_linux:::::
cpe:2.3:a:nathan_neulinger:cgiwrap:3.0::debian_gnu_linux:::::
cpe:2.3:a:nathan_neulinger:cgiwrap:3.1::debian_gnu_linux:::::
cpe:2.3:a:nathan_neulinger:cgiwrap:3.2::debian_gnu_linux:::::
cpe:2.3:a:nathan_neulinger:cgiwrap:3.3::debian_gnu_linux:::::
cpe:2.3:a:nathan_neulinger:cgiwrap:3.4::debian_gnu_linux:::::
cpe:2.3:a:nathan_neulinger:cgiwrap:3.5::debian_gnu_linux:::::

To consult the complete list of CPE names with products and versions, see this page

References to Advisories, Solutions, and Tools

http://lists.alioth.debian.org/pipermail/secure-testing-announce/2005-August/000003.html

CPE	From	Up to
cpe:2.3:a:nathan_neulinger:cgiwrap:1.0::debian_gnu_linux:::::
cpe:2.3:a:nathan_neulinger:cgiwrap:2.0::debian_gnu_linux:::::
cpe:2.3:a:nathan_neulinger:cgiwrap:2.1::debian_gnu_linux:::::
cpe:2.3:a:nathan_neulinger:cgiwrap:2.2::debian_gnu_linux:::::
cpe:2.3:a:nathan_neulinger:cgiwrap:2.3::debian_gnu_linux:::::
cpe:2.3:a:nathan_neulinger:cgiwrap:2.4::debian_gnu_linux:::::
cpe:2.3:a:nathan_neulinger:cgiwrap:2.5::debian_gnu_linux:::::
cpe:2.3:a:nathan_neulinger:cgiwrap:2.6::debian_gnu_linux:::::
cpe:2.3:a:nathan_neulinger:cgiwrap:2.7::debian_gnu_linux:::::
cpe:2.3:a:nathan_neulinger:cgiwrap:3.0::debian_gnu_linux:::::
cpe:2.3:a:nathan_neulinger:cgiwrap:3.1::debian_gnu_linux:::::
cpe:2.3:a:nathan_neulinger:cgiwrap:3.2::debian_gnu_linux:::::
cpe:2.3:a:nathan_neulinger:cgiwrap:3.3::debian_gnu_linux:::::
cpe:2.3:a:nathan_neulinger:cgiwrap:3.4::debian_gnu_linux:::::
cpe:2.3:a:nathan_neulinger:cgiwrap:3.5::debian_gnu_linux:::::