CVE-2011-3707 — Sensitive Information Exposure in Php-openid

CWE-200 — Sensitive Information Exposure6 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

0.3%

top 46.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Janrain Php-openid

Timeline

PublishedSep 23

Latest updateMay 17

Description

JanRain PHP OpenID library (aka php-openid) 2.2.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by Auth/Yadis/Yadis.php and certain other files.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDjanrain/php-openid2.2.2

🔴Vulnerability Details

GHSA

GHSA-q5wh-wxwj-v2j3: JanRain PHP OpenID library (aka php-openid) 2↗2022-05-17

▶

OSV

CVE-2011-3707: JanRain PHP OpenID library (aka php-openid) 2↗2011-09-23

▶

CVEList

CVE-2011-3707: JanRain PHP OpenID library (aka php-openid) 2↗2011-09-23

▶

💬Community

Bugzilla

CVE-2011-3707 php-pear-Auth-OpenID: installation path disclosure via a direct request to a .php file↗2011-09-26

▶

Bugzilla

CVE-2011-3707 php-pear-Auth-OpenID: installation path disclosure via a direct request to a .php file [fedora-all]↗2011-09-26

▶