Vulnerability Details : CVE-2005-4856
The admin interface in eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051110 does not properly handle authorization errors, which allows remote attackers to obtain sensitive information and see the admin pagelayout and associated templates via a request with (1) "anything after the url" or (2) a "wrong url".
Exploit prediction scoring system (EPSS) score for CVE-2005-4856
Probability of exploitation activity in the next 30 days: 0.20%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 57 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2005-4856
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2005-4856
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2005-4856
Products affected by CVE-2005-4856
- cpe:2.3:a:ez:ez_publish:*:*:*:*:*:*:*:*
- cpe:2.3:a:ez:ez_publish:3.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:ez:ez_publish:3.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:ez:ez_publish:3.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:ez:ez_publish:3.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:ez:ez_publish:3.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:ez:ez_publish:3.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:ez:ez_publish:3.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:ez:ez_publish:3.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:ez:ez_publish:3.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:ez:ez_publish:3.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:ez:ez_publish:3.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:ez:ez_publish:3.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:ez:ez_publish:3.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:ez:ez_publish:3.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:ez:ez_publish:3.7.0:*:*:*:*:*:*:*