Vulnerability Details : CVE-2012-0263
monitor/index.php in op5 Monitor and op5 Appliance before 5.5.1 allows remote authenticated users to obtain sensitive information such as database and user credentials via error messages that are triggered by (1) a malformed hoststatustypes parameter to status/service/all or (2) a crafted request to config.
Vulnerability category: Information leak
Products affected by CVE-2012-0263
- cpe:2.3:a:op5:monitor:*:*:*:*:*:*:*:*
- cpe:2.3:a:op5:monitor:5.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:op5:monitor:5.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:op5:monitor:5.4.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-0263
- 0.63%: Probability of exploitation activity in the next 30 days
- ~79%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-0263
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N | 8.0 | 2.9 | NIST | |
CWE ids for CVE-2012-0263
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-0263
- http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf (Exploit)
- http://seclists.org/fulldisclosure/2012/Jan/62 (Full Disclosure: OP5 Monitor - Multiple Vulnerabilities)
- http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/ (OP5: Offering Enterprise IT Monitoring and Log Analysis)
- https://bugs.op5.com/view.php?id=5094