Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2003-0153 | First vendor Publication | 2003-04-02 |
| Vendor | Cve | Last vendor Modification | 2024-11-20 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 5 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| bonsai Mozilla CVS query tool leaks the absolute pathname of the tool in certain error messages generated by (1) cvslog.cgi, (2) cvsview2.cgi, or (3) multidiff.cgi. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0153 |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-01-17 | Name : Debian Security Advisory DSA 265-1 (bonsai) File : nvt/deb_265_1.nasl |
| 2005-11-03 | Name : Various dangerous cgi scripts File : nvt/dangerous_cgis.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 5463 | Mozilla Bonsai multidiff.cgi Path Disclosure Bonsai contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker requests the "multidiff.cgi" script with no arguments, which will disclose the physical path resulting in a loss of confidentiality. |
| 5462 | Mozilla Bonsai cvsview2.cgi Path Disclosure Bonsai contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker requests the "cvsview2.cgi" script without arguments, which will disclose the physical path resulting in a loss of confidentiality. |
| 5459 | Mozilla Bonsai cvslog.cgi Path Disclosure Bonsai contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "rev" variable upon submission to the "cvslog.cgi" script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | multidiff.cgi access RuleID : 2199-community - Revision : 18 - Type : SERVER-WEBAPP |
| 2014-01-10 | multidiff.cgi access RuleID : 2199 - Revision : 18 - Type : SERVER-WEBAPP |
| 2014-01-10 | cvslog.cgi access RuleID : 2198-community - Revision : 18 - Type : SERVER-WEBAPP |
| 2014-01-10 | cvslog.cgi access RuleID : 2198 - Revision : 18 - Type : SERVER-WEBAPP |
| 2014-01-10 | cvsview2.cgi access RuleID : 2197-community - Revision : 19 - Type : SERVER-WEBAPP |
| 2014-01-10 | cvsview2.cgi access RuleID : 2197 - Revision : 19 - Type : SERVER-WEBAPP |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-265.nasl - Type : ACT_GATHER_INFO |
| 2003-06-17 | Name : The remote web server may contain some dangerous CGI scripts. File : dangerous_cgis.nasl - Type : ACT_ATTACK |
| 2003-03-22 | Name : The remote host contains a CGI which is vulnerable to multiple flaws allowing... File : bonsai_flaws.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:23:33 |
|
| 2024-11-28 12:05:31 |
|
| 2021-05-04 12:02:01 |
|
| 2021-04-22 01:02:07 |
|
| 2020-05-23 00:15:21 |
|
| 2017-07-11 12:01:15 |
|
| 2016-10-18 12:01:09 |
|
| 2014-02-17 10:25:54 |
|
| 2014-01-19 21:21:54 |
|
| 2013-05-11 11:50:46 |
|
