CVE-2004-2398
published 2004-12-31CVE-2004-2398: Netenberg Fantastico De Luxe 2.8 uses database file names that contain the associated usernames, which allows local users to determine valid usernames and…
PriorityP44low2.1CVSS 2.0
AVLACLAuNCPINAN
EPSS
0.34%
25.9th percentile
Netenberg Fantastico De Luxe 2.8 uses database file names that contain the associated usernames, which allows local users to determine valid usernames and conduct brute force attacks by reading the file names from /var/lib/mysql, which is assigned world-readable permissions by cPanel 9.3.0 R5.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| haxx | curl | >= 0 < 7.68.0-1ubuntu2.22 | 7.68.0-1ubuntu2.22 |
| haxx | curl | >= 0 < 7.81.0-1ubuntu1.16 | 7.81.0-1ubuntu1.16 |
| haxx | curl | >= 0 < 8.5.0-2ubuntu10.1 | 8.5.0-2ubuntu10.1 |
| netenberg | fantastico_de_luxe | — | — |
CVSS provenance
nvdv2.02.1LOWAV:L/AC:L/Au:N/C:P/I:N/A:N
osv3.5LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
curl vulnerabilities
osv·2024-04-29·CVSS 3.5
CVE-2024-2004 curl vulnerabilities
curl vulnerabilities
USN-6718-1 fixed vulnerabilities in curl. This update provides the
corresponding updates for Ubuntu 24.04 LTS.
Original advisory details:
Dan Fandrich discovered that curl would incorrectly use the default set of
protocols when a parameter option disabled all protocols without adding
any, contrary to expectations. This issue only affected Ubuntu 23.10.
(CVE-2024-2004)
It was discovered that curl incorrectly handled memory when limiting the
amount of headers when HTTP/2 server push is allowed. A remote attacker
could possibly use this issue to cause curl to consume resources, leading
to a denial of service. (CVE-2024-2398)
OSV
curl vulnerabilities
osv·2024-03-27·CVSS 3.5
CVE-2024-2004 curl vulnerabilities
curl vulnerabilities
Dan Fandrich discovered that curl would incorrectly use the default set of
protocols when a parameter option disabled all protocols without adding
any, contrary to expectations. This issue only affected Ubuntu 23.10.
(CVE-2024-2004)
It was discovered that curl incorrectly handled memory when limiting the
amount of headers when HTTP/2 server push is allowed. A remote attacker
could possibly use this issue to cause curl to consume resources, leading
to a denial of service. (CVE-2024-2398)
GHSA
GHSA-23r5-m2mx-p7h2: Netenberg Fantastico De Luxe 2
ghsa_unreviewed·2022-04-29
CVE-2004-2398 [LOW] GHSA-23r5-m2mx-p7h2: Netenberg Fantastico De Luxe 2
Netenberg Fantastico De Luxe 2.8 uses database file names that contain the associated usernames, which allows local users to determine valid usernames and conduct brute force attacks by reading the file names from /var/lib/mysql, which is assigned world-readable permissions by cPanel 9.3.0 R5.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/bugtraq/2004-05/0206.htmlhttp://www.securityfocus.com/bid/10390https://exchange.xforce.ibmcloud.com/vulnerabilities/16197http://archives.neohapsis.com/archives/bugtraq/2004-05/0206.htmlhttp://www.securityfocus.com/bid/10390https://exchange.xforce.ibmcloud.com/vulnerabilities/16197
2004-12-31
Published