Upstream information
Description
BattleBlog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/blankmaster.mdb.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
National Vulnerability Database | |
---|---|
Base Score | 5 |
Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Access Vector | Network |
Access Complexity | Low |
Authentication | None |
Confidentiality Impact | Partial |
Integrity Impact | None |
Availability Impact | None |
SUSE Security Advisories:
- openSUSE-SU-2024:14572-1, published Fri Dec 13 18:51:22 2024
List of released packages
Product(s) | Fixed package version(s) | References |
---|---|---|
SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 |
| Patchnames: SUSE Linux Enterprise Software Development Kit 11 SP4 GA MozillaFirefox-devel-31.7.0esr-0.8.1 |
SUSE Linux Enterprise Server 11 SP1 |
| Patchnames: SUSE Linux Enterprise Server 11 SP1 GA MozillaFirefox-3.5.9-0.1.1 |
SUSE Linux Enterprise Server 11 SP2 |
| Patchnames: SUSE Linux Enterprise Server 11 SP2 GA MozillaFirefox-10.0-0.3.2 |
SUSE Linux Enterprise Server 11 SP3 |
| Patchnames: SUSE Linux Enterprise Server 11 SP3 GA MozillaFirefox-17.0.4esr-0.10.42 |
SUSE Linux Enterprise Server 11 SP4 |
| Patchnames: SUSE Linux Enterprise Server 11 SP4 GA MozillaFirefox-31.7.0esr-0.8.1 SUSE Linux Enterprise Software Development Kit 11 SP4 GA MozillaFirefox-devel-31.7.0esr-0.8.1 |
openSUSE Tumbleweed |
| Patchnames: openSUSE-Tumbleweed-2024-10600 openSUSE-Tumbleweed-2024-14572 |
SUSE Timeline for this CVE
CVE page created: Fri Jun 28 01:48:55 2013CVE page last modified: Fri Dec 13 19:12:37 2024