CVE-2005-4015

Опубликовано: 05 дек. 2005

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

PHP Web Statistik 1.4 does not rotate the log database or limit the size of the referer field, which allows remote attackers to fill the log files via a large number of requests, as demonstrated using pixel.php.

Ссылки

http://cert.uni-stuttgart.de/archive/bugtraq/2005/11/msg00325.html
Vendor Advisory
http://freewebstat.com/changelog-english.html
http://securityreason.com/securityalert/214
http://www.ush.it/2005/11/19/php-web-statistik/
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/23386
http://cert.uni-stuttgart.de/archive/bugtraq/2005/11/msg00325.html
Vendor Advisory
http://freewebstat.com/changelog-english.html
http://securityreason.com/securityalert/214
http://www.ush.it/2005/11/19/php-web-statistik/
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/23386

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:php_web:statistik:1.4:*:*:*:*:*:*:*

EPSS

Процентиль: 64%

0.00463

Низкий

5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-prw3-h4wf-qrgf

github

почти 4 года назад