CVE-2012-0263
Severity Score
6.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
monitor/index.php in op5 Monitor and op5 Appliance before 5.5.1 allows remote authenticated users to obtain sensitive information such as database and user credentials via error messages that are triggered by (1) a malformed hoststatustypes parameter to status/service/all or (2) a crafted request to config.
monitor / index.php en el Monitor y Appliance de op5 anteriores a 5.5.1 permite a usuarios remotos autenticados obtener información confidencial, como bases de datos y las credenciales del usuario a través de los mensajes de error que se desencadenan por (1) un parámetro hoststatustypes malformado en estado/servicio/ todos o (2) una solicitud manipulada en las configuraciones.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2011-12-21 CVE Reserved
- 2013-12-31 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://seclists.org/fulldisclosure/2012/Jan/62 | Mailing List |
|
| http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance | X_refsource_confirm | |
| http://www.osvdb.org/78067 | Vdb Entry | |
| https://bugs.op5.com/view.php?id=5094 | X_refsource_confirm |
| URL | Date | SRC |
|---|---|---|
| http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/47344 | 2014-01-02 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Op5 Search vendor "Op5" | Monitor Search vendor "Op5" for product "Monitor" | <= 5.5.0 Search vendor "Op5" for product "Monitor" and version " <= 5.5.0" | - |
Affected
| ||||||
| Op5 Search vendor "Op5" | Monitor Search vendor "Op5" for product "Monitor" | 5.3.5 Search vendor "Op5" for product "Monitor" and version "5.3.5" | - |
Affected
| ||||||
| Op5 Search vendor "Op5" | Monitor Search vendor "Op5" for product "Monitor" | 5.4.0 Search vendor "Op5" for product "Monitor" and version "5.4.0" | - |
Affected
| ||||||
| Op5 Search vendor "Op5" | Monitor Search vendor "Op5" for product "Monitor" | 5.4.2 Search vendor "Op5" for product "Monitor" and version "5.4.2" | - |
Affected
| ||||||