Vulnerability Description
RiSearch 1.0.01 and RiSearch Pro 3.2.06 allows remote attackers to use the show.pl script as an open proxy, or read arbitrary local files, by setting the url parameter to a (1) http://, (2) ftp://, or (3) file:// URL.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Risearch | Risearch | 1.0.01 |
| Risearch | Risearch Pro | 3.2.6 |
Related Weaknesses (CWE)
References
- http://marc.info/?l=bugtraq&m=109095196526490&w=2Mailing List
- http://secunia.com/advisories/12173Broken LinkVendor Advisory
- http://securitytracker.com/id?1010788Broken LinkThird Party AdvisoryVDB Entry
- http://www.osvdb.org/8265Broken Link
- http://www.osvdb.org/8266Broken Link
- http://www.securityfocus.com/bid/10812Broken LinkExploitThird Party Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16817Third Party AdvisoryVDB Entry
- http://marc.info/?l=bugtraq&m=109095196526490&w=2Mailing List
- http://secunia.com/advisories/12173Broken LinkVendor Advisory
- http://securitytracker.com/id?1010788Broken LinkThird Party AdvisoryVDB Entry
- http://www.osvdb.org/8265Broken Link
- http://www.osvdb.org/8266Broken Link
- http://www.securityfocus.com/bid/10812Broken LinkExploitThird Party Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16817Third Party AdvisoryVDB Entry
FAQ
What is CVE-2004-2061?
CVE-2004-2061 is a vulnerability with a CVSS score of 9.8 (CRITICAL). RiSearch 1.0.01 and RiSearch Pro 3.2.06 allows remote attackers to use the show.pl script as an open proxy, or read arbitrary local files, by setting the url parameter to a (1) http://, (2) ftp://, or...
How severe is CVE-2004-2061?
CVE-2004-2061 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2004-2061?
Check the references section above for vendor advisories and patch information. Affected products include: Risearch Risearch, Risearch Risearch Pro.