CVE-2011-3779
Published: 2011-09-24
Priority P49 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS: 1.23% (65.1th percentile)
PhpHostBot 2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/create_acct.php and certain other files.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| idevspot | phphostbot | — | — |
CVSS provenance
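| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| vendor_redhat | — | 4.3 | MEDIUM | — |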
GHSA
GHSA-8m22-4hf7-jcj5: PhpHostBot 2
ghsa_unreviewed · 2022-05-17
CVE-2011-3779 [MEDIUM] CWE-200 GHSA-8m22-4hf7-jcj5: PhpHostBot 2
PhpHostBot 2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/create_acct.php and certain other files.
Red Hat
openssl: malformed RFC 3779 data can cause assertion failures
vendor_redhat · 2012-01-04 · CVSS 4.3
CVE-2011-4577 [MEDIUM] openssl: malformed RFC 3779 data can cause assertion failures
OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (AS) identifiers.
Statement: This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 3, 4 and 5.
Package: openssl (Red Hat Enterprise Linux 4) - Not affected
Package: openssl096b (Red Hat Enterprise Linux 4) - Not affected
Package: openssl (Red Hat Enterprise Linux 5) - Not affected
Package: openssl097a (Red Hat Enterprise Linux 5) - Not affected
Package: openssl098e (Red Hat Enterprise Linux 6) - Not affected
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README
http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/PhpHostBot_2.0
http://www.openwall.com/lists/oss-security/2011/06/27/6