Vulnerability Description
paFileDB 3.1, when using sessions authentication and while the administrator logs on, allows remote attackers to read the administrator's password hash and conduct brute force password guessing attacks by listing the contents of the sessions directory and reading the associated file for the administrator session.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Php Arena | Pafiledb | 3.1 |
References
- http://echo.or.id/adv/adv09-y3dips-2004.txt
- http://marc.info/?l=bugtraq&m=110245123927025&w=2
- http://www.securityfocus.com/bid/11818Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18364
- http://echo.or.id/adv/adv09-y3dips-2004.txt
- http://marc.info/?l=bugtraq&m=110245123927025&w=2
- http://www.securityfocus.com/bid/11818Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18364
FAQ
What is CVE-2004-1219?
CVE-2004-1219 is a vulnerability with a CVSS score of 5.0 (MEDIUM). paFileDB 3.1, when using sessions authentication and while the administrator logs on, allows remote attackers to read the administrator's password hash and conduct brute force password guessing attack...
How severe is CVE-2004-1219?
CVE-2004-1219 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-1219?
Check the references section above for vendor advisories and patch information. Affected products include: Php Arena Pafiledb.