CVE-2009-4109

Опубликовано: 29 нояб. 2009

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

The install wizard in DotNetNuke 4.0 through 5.1.4 does not prevent anonymous users from accessing functionality related to determination of the need for an upgrade, which allows remote attackers to access version information and possibly other sensitive information.

Ссылки

http://osvdb.org/60520
http://secunia.com/advisories/37480
Vendor Advisory
http://www.dotnetnuke.com/News/SecurityPolicy/securitybulletinno30/tabid/1449/Default.aspx
Vendor Advisory
http://www.securityfocus.com/bid/37139
http://osvdb.org/60520
http://secunia.com/advisories/37480
Vendor Advisory
http://www.dotnetnuke.com/News/SecurityPolicy/securitybulletinno30/tabid/1449/Default.aspx
Vendor Advisory
http://www.securityfocus.com/bid/37139

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:dotnetnuke:dotnetnuke:4.0:*:*:*:*:*:*:*

cpe:2.3:a:dotnetnuke:dotnetnuke:4.3.5:*:*:*:*:*:*:*

cpe:2.3:a:dotnetnuke:dotnetnuke:4.4.1:*:*:*:*:*:*:*

cpe:2.3:a:dotnetnuke:dotnetnuke:4.5.2:*:*:*:*:*:*:*

cpe:2.3:a:dotnetnuke:dotnetnuke:4.5.4:*:*:*:*:*:*:*

cpe:2.3:a:dotnetnuke:dotnetnuke:4.5.5:*:*:*:*:*:*:*

cpe:2.3:a:dotnetnuke:dotnetnuke:4.6.0:*:*:*:*:*:*:*

cpe:2.3:a:dotnetnuke:dotnetnuke:4.6.1:*:*:*:*:*:*:*

cpe:2.3:a:dotnetnuke:dotnetnuke:4.6.2:*:*:*:*:*:*:*

cpe:2.3:a:dotnetnuke:dotnetnuke:4.7.0:*:*:*:*:*:*:*

cpe:2.3:a:dotnetnuke:dotnetnuke:4.8.0:*:*:*:*:*:*:*

cpe:2.3:a:dotnetnuke:dotnetnuke:4.8.1:*:*:*:*:*:*:*

cpe:2.3:a:dotnetnuke:dotnetnuke:4.8.2:*:*:*:*:*:*:*

cpe:2.3:a:dotnetnuke:dotnetnuke:4.8.3:*:*:*:*:*:*:*

cpe:2.3:a:dotnetnuke:dotnetnuke:4.8.4:*:*:*:*:*:*:*

cpe:2.3:a:dotnetnuke:dotnetnuke:4.9:*:*:*:*:*:*:*

cpe:2.3:a:dotnetnuke:dotnetnuke:4.9.1:*:*:*:*:*:*:*

cpe:2.3:a:dotnetnuke:dotnetnuke:4.9.2:*:*:*:*:*:*:*

cpe:2.3:a:dotnetnuke:dotnetnuke:5.0:*:*:*:*:*:*:*

cpe:2.3:a:dotnetnuke:dotnetnuke:5.1:*:*:*:*:*:*:*

cpe:2.3:a:dotnetnuke:dotnetnuke:5.1.1:*:*:*:*:*:*:*

cpe:2.3:a:dotnetnuke:dotnetnuke:5.1.2:*:*:*:*:*:*:*

cpe:2.3:a:dotnetnuke:dotnetnuke:5.1.3:*:*:*:*:*:*:*

cpe:2.3:a:dotnetnuke:dotnetnuke:5.1.4:*:*:*:*:*:*:*

EPSS

Процентиль: 57%

0.00346

Низкий

5 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-vc99-gqjv-x726

github

почти 4 года назад