2023-04-24 12:24:31 +02:00
{
"id" : "CVE-2009-1803" ,
"sourceIdentifier" : "cve@mitre.org" ,
"published" : "2009-05-28T14:30:00.390" ,
"lastModified" : "2019-12-10T15:34:59.420" ,
"vulnStatus" : "Analyzed" ,
2024-07-14 02:06:08 +00:00
"cveTags" : [ ] ,
2023-04-24 12:24:31 +02:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, generates different error messages for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames."
} ,
{
"lang" : "es" ,
"value" : "FreePBX v2.5.1, v2.4.x, v2.5.x, y pre-release v2.6.x, genera distintos errores tras intentos de login fallidos dependiendo de si la cuenta de usuario existe o no, lo que permite a atacantes remotos listar nombres de usuarios v\u00e1alidos."
}
] ,
"metrics" : {
"cvssMetricV2" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "2.0" ,
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N" ,
"accessVector" : "NETWORK" ,
"accessComplexity" : "LOW" ,
"authentication" : "NONE" ,
"confidentialityImpact" : "PARTIAL" ,
"integrityImpact" : "NONE" ,
"availabilityImpact" : "NONE" ,
"baseScore" : 5.0
} ,
"baseSeverity" : "MEDIUM" ,
"exploitabilityScore" : 10.0 ,
"impactScore" : 2.9 ,
"acInsufInfo" : false ,
"obtainAllPrivilege" : false ,
"obtainUserPrivilege" : false ,
"obtainOtherPrivilege" : false ,
"userInteractionRequired" : false
}
]
} ,
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-200"
}
]
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:freepbx:freepbx:2.4:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "455E97D6-B069-49D6-B510-3D4112A9E1B3"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:freepbx:freepbx:2.4.0_beta1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "BF1E1278-3114-4BD1-B589-30B5313C9502"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:freepbx:freepbx:2.4.0_beta2:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "32D216B0-31D6-4288-8773-FB2438944492"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:freepbx:freepbx:2.4.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "0A09E3F0-E1A6-4CC4-8134-89DF5DB6EA3B"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:freepbx:freepbx:2.5:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "5B2C1156-93B6-4D71-8D9C-ED6FC6C0AE74"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:freepbx:freepbx:2.5.0_beta1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "11ACC1C9-A2C3-41CA-B608-C474B642A380"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:freepbx:freepbx:2.5.0rc2:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "D8A021AB-A142-4DAD-9EB0-2352C625D8CC"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:freepbx:freepbx:2.5.0rc3:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "9C0B173F-2161-4E40-A712-90DA6B997820"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:freepbx:freepbx:2.5.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "613A39A4-976E-4535-9408-533F957F7F87"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:freepbx:freepbx:2.5.2:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "B5B657C6-A2DF-432A-9F46-1157C630CB20"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sangoma:freepbx:2.4.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "9734B50E-BEA8-41DF-835F-7B15A9BB31E8"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sangoma:freepbx:2.5.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "E9645D4F-BB03-49AD-AE79-6FE990BF18FE"
}
]
}
]
}
] ,
"references" : [
{
"url" : "http://freepbx.org/trac/ticket/3660" ,
"source" : "cve@mitre.org"
} ,
2024-04-04 08:46:00 +00:00
{
"url" : "http://secunia.com/advisories/34772" ,
"source" : "cve@mitre.org" ,
"tags" : [
"Vendor Advisory"
]
} ,
{
"url" : "http://www.osvdb.org/54263" ,
"source" : "cve@mitre.org"
} ,
2023-04-24 12:24:31 +02:00
{
"url" : "http://www.securityfocus.com/bid/34857" ,
"source" : "cve@mitre.org" ,
"tags" : [
"Patch"
]
}
]
}
