Vulnerability Description
The install wizard in DotNetNuke 4.0 through 5.1.4 does not prevent anonymous users from accessing functionality related to determination of the need for an upgrade, which allows remote attackers to access version information and possibly other sensitive information.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dnnsoftware | Dotnetnuke | 4.0 |
Related Weaknesses (CWE)
References
- http://osvdb.org/60520
- http://secunia.com/advisories/37480Vendor Advisory
- http://www.dotnetnuke.com/News/SecurityPolicy/securitybulletinno30/tabid/1449/DeVendor Advisory
- http://www.securityfocus.com/bid/37139
- http://osvdb.org/60520
- http://secunia.com/advisories/37480Vendor Advisory
- http://www.dotnetnuke.com/News/SecurityPolicy/securitybulletinno30/tabid/1449/DeVendor Advisory
- http://www.securityfocus.com/bid/37139
FAQ
What is CVE-2009-4109?
CVE-2009-4109 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The install wizard in DotNetNuke 4.0 through 5.1.4 does not prevent anonymous users from accessing functionality related to determination of the need for an upgrade, which allows remote attackers to a...
How severe is CVE-2009-4109?
CVE-2009-4109 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-4109?
Check the references section above for vendor advisories and patch information. Affected products include: Dnnsoftware Dotnetnuke.