Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 17/09/2012 Updated: 29/08/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

SilverStripe 2.3.x prior to 2.3.10 and 2.4.x prior to 2.4.4 stores sensitive information under the web root with insufficient access control, which allows remote malicious users to obtain version information via a direct request to (1) apphire/silverstripe_version or (2) cms/silverstripe_version.

Vulnerable Product	Search on Vulmon	Subscribe to Product
silverstripe silverstripe 2.3.1
silverstripe silverstripe 2.3.2
silverstripe silverstripe 2.3.9
silverstripe silverstripe 2.3.5
silverstripe silverstripe 2.3.6
silverstripe silverstripe 2.3.3
silverstripe silverstripe 2.3.4
silverstripe silverstripe 2.3.0
silverstripe silverstripe 2.3.7
silverstripe silverstripe 2.3.8
silverstripe silverstripe 2.4.0
silverstripe silverstripe 2.4.3
silverstripe silverstripe 2.4.1
silverstripe silverstripe 2.4.2

CWE-264 http://open.silverstripe.org/ticket/5031 http://secunia.com/advisories/42346 http://doc.silverstripe.org/framework/en/trunk/changelogs//2.3.10 http://www.openwall.com/lists/oss-security/2012/05/01/3 http://www.openwall.com/lists/oss-security/2012/04/30/3 http://www.openwall.com/lists/oss-security/2011/01/03/12 http://doc.silverstripe.org/framework/en/trunk/changelogs//2.4.4 http://www.openwall.com/lists/oss-security/2012/04/30/1 http://www.securityfocus.com/bid/45367 http://www.osvdb.org/69888 https://exchange.xforce.ibmcloud.com/vulnerabilities/63990 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2010-5078

Vulnerability Summary

References

Vulmon Search

About

Products

Connect