CVE-2012-0263

OP5 Command Execution / Information Disclosure

  • Severity Score: 4.0 (CVSS v2)
  • Exploit Likelihood (EPSS)
  • Affected Versions (CPE)
  • Public Exploits: 1 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

monitor/index.php in op5 Monitor and op5 Appliance before 5.5.1 allows remote authenticated users to obtain sensitive information such as database and user credentials via error messages that are triggered by (1) a malformed hoststatustypes parameter to status/service/all or (2) a crafted request to config.

monitor/index.php in the op5 Monitor and Appliance before 5.5.1 allows remote authenticated users to obtain confidential information, such as databases and user credentials, via error messages that are triggered by (1) a malformed hoststatustypes parameter to status/service/all or (2) a crafted request to config.

OP5 suffers from poor session management, credential leakage and multiple remote root command execution vulnerabilities.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: Single
  • Confidentiality: Partial
  • Integrity: None
  • Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2011-12-21 CVE Reserved
  • 2012-01-09 CVE Published
  • 2024-08-06 CVE Updated
  • 2024-08-06 First Exploit
  • 2024-11-20 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
Affected Vendors, Products, and Versions
  • Vendor: Op5, Product: Monitor, Version: <= 5.5.0, Other: -, Status: Affected
  • Vendor: Op5, Product: Monitor, Version: 5.3.5, Other: -, Status: Affected
  • Vendor: Op5, Product: Monitor, Version: 5.4.0, Other: -, Status: Affected
  • Vendor: Op5, Product: Monitor, Version: 5.4.2, Other: -, Status: Affected