Vulnerability Description
PHP Web Statistik 1.4 does not rotate the log database or limit the size of the referer field, which allows remote attackers to fill the log files via a large number of requests, as demonstrated using pixel.php.
CVSS Score
5.0 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Php Web | Statistik | 1.4 |
References
- http://cert.uni-stuttgart.de/archive/bugtraq/2005/11/msg00325.html (Vendor Advisory)
- http://freewebstat.com/changelog-english.html
- http://securityreason.com/securityalert/214
- http://www.ush.it/2005/11/19/php-web-statistik/ (Patch, Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23386
FAQ
What is CVE-2005-4015?
CVE-2005-4015 is a vulnerability with a CVSS score of 5.0 (MEDIUM). PHP Web Statistik 1.4 does not rotate the log database or limit the size of the referer field, which allows remote attackers to fill the log files via a large number of requests, as demonstrated using...
How severe is CVE-2005-4015?
CVE-2005-4015 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2005-4015?
Check the references section above for vendor advisories and patch information. Affected products include: Php Web Statistik.