Vulnerability Description
VisNetic WebSite 3.5 allows remote attackers to obtain the full pathname of the server via a request containing a folder that does not exist, which leaks the pathname in an error message, as demonstrated using _vti_bin/fpcount.exe.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Deerfield | Visnetic Website | 3.5.13 |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0002.html (Exploit, Patch, Vendor Advisory)
- http://marc.info/?l=bugtraq&m=105733894003737&w=2
- http://www.krusesecurity.dk/advisories/vis0103.txt
- http://www.securityfocus.com/bid/8075 (Patch, Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/12483
FAQ
What is CVE-2003-0456?
CVE-2003-0456 is a vulnerability with a CVSS score of 5.0 (MEDIUM). VisNetic WebSite 3.5 allows remote attackers to obtain the full pathname of the server via a request containing a folder that does not exist, which leaks the pathname in an error message, as demonstra...
How severe is CVE-2003-0456?
CVE-2003-0456 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2003-0456?
Check the references section above for vendor advisories and patch information. Affected products include: Deerfield Visnetic Website.