Vulnerability Description
Hosting Controller 6.1 Hotfix 1.4, and possibly other versions, allows remote attackers to view arbitrary directories by specifying the target pathname in the FilePath parameter to (1) Statsbrowse.asp or (2) Generalbrowse.asp.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hosting Controller | Hosting Controller | 6.1 |
References
- http://marc.info/?l=bugtraq&m=110237762807764&w=2
- http://www.securityfocus.com/bid/11822ExploitVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18363
- http://marc.info/?l=bugtraq&m=110237762807764&w=2
- http://www.securityfocus.com/bid/11822ExploitVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18363
FAQ
What is CVE-2004-1217?
CVE-2004-1217 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Hosting Controller 6.1 Hotfix 1.4, and possibly other versions, allows remote attackers to view arbitrary directories by specifying the target pathname in the FilePath parameter to (1) Statsbrowse.asp...
How severe is CVE-2004-1217?
CVE-2004-1217 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-1217?
Check the references section above for vendor advisories and patch information. Affected products include: Hosting Controller Hosting Controller.