CVE-2003-0456

{"id": "CVE-2003-0456", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2003-08-18T04:00:00.000", "references": [{"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0002.html", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=105733894003737&w=2", "source": "cve@mitre.org"}, {"url": "http://www.krusesecurity.dk/advisories/vis0103.txt", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/8075", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12483", "source": "cve@mitre.org"}, {"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0002.html", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://marc.info/?l=bugtraq&m=105733894003737&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.krusesecurity.dk/advisories/vis0103.txt", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/8075", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12483", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "VisNetic WebSite 3.5 allows remote attackers to obtain the full pathname of the server via a request containing a folder that does not exist, which leaks the pathname in an error message, as demonstrated using _vti_bin/fpcount.exe."}, {"lang": "es", "value": "VisNetic WebSite 3.5 permite a atacantes remotos obtener la ruta completa del servidor mediante una petici\u00f3n conteniendo una carpeta que no existe, lo que filtra la ruta en un mensaje de error, como se demostr\u00f3 usando _vti_bin/fpcount.exe."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:deerfield:visnetic_website:3.5.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C09A9D8-CEBC-452C-B6F6-1F494FBF8CDC"}, {"criteria": "cpe:2.3:a:deerfield:visnetic_website:3.5.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "376B1D26-E52C-4743-81CF-BE70C612531C"}, {"criteria": "cpe:2.3:a:deerfield:visnetic_website:3.5.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D16BAB6-ED35-4DF8-9D15-3EFB568C0310"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}