CVE-2006-4003 - The config method in Henrik Storner Hobbit monitor before 4.1.2p2 permits access to files outside of

CVE-2006-4003

Summary

The config method in Henrik Storner Hobbit monitor before 4.1.2p2 permits access to files outside of the intended configuration directory, which allows remote attackers to obtain sensitive information via requests to the hobbitd daemon on port 1984/tcp. This vulnerability is addressed in the following product release: Hobbit Monitor, Hobbit Monitor, 4.1.2p2

References

Vulnerable Configurations

cpe:2.3:a:hobbit_monitor:hobbit_monitor:4.0:*:*:*:*:*:*:*
cpe:2.3:a:hobbit_monitor:hobbit_monitor:4.0:*:*:*:*:*:*:*
cpe:2.3:a:hobbit_monitor:hobbit_monitor:4.1:*:*:*:*:*:*:*
cpe:2.3:a:hobbit_monitor:hobbit_monitor:4.1:*:*:*:*:*:*:*
cpe:2.3:a:hobbit_monitor:hobbit_monitor:*:*:*:*:*:*:*:*
cpe:2.3:a:hobbit_monitor:hobbit_monitor:*:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 17-10-2018 - 21:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bid	19317
bugtraq	20060802 Hobbit monitor security bugfix release - 4.1.2p2
confirm	http://sourceforge.net/project/shownotes.php?release_id=436594&group_id=128058
secunia	21317
vupen	ADV-2006-3139
xf	hobbitmonitor-config-information-disclosure(28204)

Last major update

17-10-2018 - 21:32

Published

07-08-2006 - 19:04

Last modified

17-10-2018 - 21:32