CVE-2005-0603
published 2005-02-28CVE-2005-0603: viewtopic.php in phpBB 2.0.12 and earlier allows remote attackers to obtain sensitive information via a highlight parameter containing invalid regular…
PriorityP411medium5CVSS 2.0
AVNACLAuNCPINAN
EPSS
4.32%
90.0th percentile
viewtopic.php in phpBB 2.0.12 and earlier allows remote attackers to obtain sensitive information via a highlight parameter containing invalid regular expression syntax, which reveals the path in a PHP error message.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phpbb_group | phpbb | — | — |
| phpbb_group | phpbb | — | — |
| phpbb_group | phpbb | — | — |
| phpbb_group | phpbb | — | — |
| phpbb_group | phpbb | — | — |
| phpbb_group | phpbb | — | — |
| phpbb_group | phpbb | — | — |
| phpbb_group | phpbb | — | — |
| phpbb_group | phpbb | — | — |
| phpbb_group | phpbb | — | — |
| phpbb_group | phpbb | — | — |
| phpbb_group | phpbb | — | — |
| phpbb_group | phpbb | — | — |
| phpbb_group | phpbb | — | — |
| phpbb_group | phpbb | — | — |
| phpbb_group | phpbb | — | — |
| phpbb_group | phpbb | — | — |
| phpbb_group | phpbb | — | — |
| phpbb_group | phpbb | — | — |
| phpbb_group | phpbb | — | — |
| phpbb_group | phpbb | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
CWE
Exposure of Sensitive Information to an Unauthorized Actor
mitre_cwe
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
There are many different kinds of mistakes that introduce information exposures. The severity of the error can range widely, depending on the context in which the product operates, the type of sensitive information that is revealed, and the benefits it may provide to an attacker. Some kinds of sensitive information include: private, personal information, such as personal messages, financial data, health records, geographic location, or contact details system status and environment, such as the operating system and installed packages business secrets and intellectual property network status and confi
CWE
Generation of Error Message Containing Sensitive Information
mitre_cwe
CWE-209 Generation of Error Message Containing Sensitive Information
CWE-209: Generation of Error Message Containing Sensitive Information
The product generates an error message that includes sensitive information about its environment, users, or associated data.
Modes of Introduction:
Phase: Architecture and Design
Phase: Implementation
Note: REALIZATION: This weakness is caused during implementation of an architectural security tactic.
Phase: System Configuration
Phase: Operation
Common Consequences:
Scope: Confidentiality. Impact: Read Application Data. Often this will either reveal sensitive information which may be used to launch another, more focused attack or disclose private information stored in the server. For example, an attempt to exploit a path traversal weakness (CWE-22) might yield the full pathname of the installed application. In turn, t
CWE
Incorrect Regular Expression
mitre_cwe
CWE-185 Incorrect Regular Expression
CWE-185: Incorrect Regular Expression
The product specifies a regular expression in a way that causes data to be improperly matched or compared.
When the regular expression is used in protection mechanisms such as filtering or validation, this may allow an attacker to bypass the intended restrictions on the incoming data.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Other. Impact: Unexpected State, Varies by Context. When the regular expression is not correctly specified, data might have a different format or type than the rest of the program expects, producing resultant weaknesses or errors.
Scope: Access Control. Impact: Bypass Protection Mechanism. In PHP, regular expression checks can sometimes be bypassed with a null byte, leading to any number of weakn
http://marc.info/?l=bugtraq&m=110943646112950&w=2http://neossecurity.net/Advisories/Advisory-06.txthttp://secunia.com/advisories/14413http://www.phpbb.com/phpBB/viewtopic.php?t=267563http://marc.info/?l=bugtraq&m=110943646112950&w=2http://neossecurity.net/Advisories/Advisory-06.txthttp://secunia.com/advisories/14413http://www.phpbb.com/phpBB/viewtopic.php?t=267563
2005-02-28
Published