9.8 - CVE-2004-2214

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Informations
Name	CVE-2004-2214	First vendor Publication	2004-12-31
Vendor	Cve	Last vendor Modification	2024-02-08

Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Overall CVSS Score	9.8
Base Score	9.8	Environmental Score	9.8
impact SubScore	5.9	Temporal Score	9.8
Exploitabality Sub Score	3.9

Attack Vector	Network	Attack Complexity	Low
Privileges Required	None	User Interaction	None
Scope	Unchanged	Confidentiality Impact	High
Integrity Impact	High	Availability Impact	High
Calculate full CVSS 3.0 Vectors scores

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score	7.5	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to bypass access restrictions via a URI with mixed case characters.

%	Id	Name
100 %	CWE-178	Failure to Resolve Case Sensitivity (CWE/SANS Top 25)

Type	Description	Count
Application	Mbedthis Appweb Http Server cpe:2.3:a:mbedthis:appweb_http_server::::::::	1

Id	Description
7391	AppWeb Mixed Case URL Authorization Bypass Mbedthis's AppWeb contains a flaw related to the secured URLs that may allow an attacker to access secured URLs without proper authentication by mixing cases. No further details have been provided.

Source	Url
BID	http://www.securityfocus.com/bid/10673
CONFIRM	http://www.mbedthis.com/products/appWeb/doc/product/newFeatures.html
OSVDB	http://www.osvdb.org/7391
SECUNIA	http://secunia.com/advisories/12011
XF	https://exchange.xforce.ibmcloud.com/vulnerabilities/16638

If you want to see full details history, please login or register.