Vulnerability Description
CitySoft Community Enterprise 4.x allows remote attackers to obtain the full path of the server via an invalid (1) fuseaction parameter to index.cfm and (2) documentid parameter to document/docWindow.cfm.
CVSS Score
6.4
MEDIUM
AV:N/AC:L/Au:N/C:P/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Citysoft | Community Enterprise | 4.x |
References
- http://pridels0.blogspot.com/2005/12/community-enterprise-4x-multiple-vuln.html
- http://secunia.com/advisories/18145
- http://www.osvdb.org/21857
- http://www.osvdb.org/21858
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23822
- http://pridels0.blogspot.com/2005/12/community-enterprise-4x-multiple-vuln.html
- http://secunia.com/advisories/18145
- http://www.osvdb.org/21857
- http://www.osvdb.org/21858
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23822
FAQ
What is CVE-2005-4384?
CVE-2005-4384 is a vulnerability with a CVSS score of 6.4 (MEDIUM). CitySoft Community Enterprise 4.x allows remote attackers to obtain the full path of the server via an invalid (1) fuseaction parameter to index.cfm and (2) documentid parameter to document/docWindow....
How severe is CVE-2005-4384?
CVE-2005-4384 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-4384?
Check the references section above for vendor advisories and patch information. Affected products include: Citysoft Community Enterprise.