Vulnerability Description
Netenberg Fantastico De Luxe 2.8 uses database file names that contain the associated usernames, which allows local users to determine valid usernames and conduct brute force attacks by reading the file names from /var/lib/mysql, which is assigned world-readable permissions by cPanel 9.3.0 R5.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netenberg | Fantastico De Luxe | 2.8 |
References
- http://archives.neohapsis.com/archives/bugtraq/2004-05/0206.html (Vendor Advisory)
- http://www.securityfocus.com/bid/10390
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16197
FAQ
What is CVE-2004-2398?
CVE-2004-2398 is a vulnerability with a CVSS score of 2.1 (LOW). Netenberg Fantastico De Luxe 2.8 uses database file names that contain the associated usernames, which allows local users to determine valid usernames and conduct brute force attacks by reading the fi...
How severe is CVE-2004-2398?
CVE-2004-2398 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2004-2398?
Check the references section above for vendor advisories and patch information. Affected products include: Netenberg Fantastico De Luxe.