Vulnerability Description
Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Fedora Core | 1.0 |
References
- http://directory.fedora.redhat.com/wiki/FDS10Announcement
- http://secunia.com/advisories/18939PatchVendor Advisory
- http://www.securityfocus.com/bid/16729Patch
- https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=121994Patch
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=174837
- http://directory.fedora.redhat.com/wiki/FDS10Announcement
- http://secunia.com/advisories/18939PatchVendor Advisory
- http://www.securityfocus.com/bid/16729Patch
- https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=121994Patch
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=174837
FAQ
What is CVE-2005-3630?
CVE-2005-3630 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configurati...
How severe is CVE-2005-3630?
CVE-2005-3630 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-3630?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Fedora Core.