CVE-2005-4856 — MEDIUM (5.0)

Q: How severe is CVE-2005-4856?

CVE-2005-4856 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2005-4856?

Check the references section above for vendor advisories and patch information. Affected products include: Ez Ez Publish.

Vulnerability Description

The admin interface in eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051110 does not properly handle authorization errors, which allows remote attackers to obtain sensitive information and see the admin pagelayout and associated templates via a request with (1) "anything after the url" or (2) a "wrong url".

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:P/I:N/A:N

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Ez	Ez Publish	<= 3.8.0

Related Weaknesses (CWE)

CWE-19

References

FAQ

What is CVE-2005-4856?

CVE-2005-4856 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The admin interface in eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051110 does not properly handle authorization errors, which allows remote attackers to obtain s...

How severe is CVE-2005-4856?

CVE-2005-4856 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2005-4856?

Check the references section above for vendor advisories and patch information. Affected products include: Ez Ez Publish.