Detections
Analytics

CVE-2004-1572

medium

Description

AJ-Fork 167 does not restrict access to directories such as (1) data, (2) inc, (3) plugins, (4) skins, or (5) tools, which allows remote attackers to list files in those directories via a direct HTTP request.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/17569

http://www.securityfocus.com/bid/11301

http://securitytracker.com/id?1011484

http://marc.info/?l=bugtraq&m=109664986210763&w=2

http://echo.or.id/adv/adv07-y3dips-2004.txt

Details

Source: Mitre, NVD

Published: 2004-12-31

Updated: 2017-07-11

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Severity: Medium