CVE-2012-0263

monitor/index.php in op5 Monitor and op5 Appliance before 5.5.1 allows remote authenticated users to obtain sensitive information such as database and user credentials via error messages that are triggered by (1) a malformed hoststatustypes parameter to status/service/all or (2) a crafted request to config.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 66%
VendorProductVersion
op5monitor
𝑥
≤ 5.5.0
op5monitor
5.3.5
op5monitor
5.4.0
op5monitor
5.4.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://seclists.org/fulldisclosure/2012/Jan/62
http://secunia.com/advisories/47344
http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf
http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/
http://www.osvdb.org/78067
https://bugs.op5.com/view.php?id=5094
http://seclists.org/fulldisclosure/2012/Jan/62
http://secunia.com/advisories/47344
http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf
http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/
http://www.osvdb.org/78067
https://bugs.op5.com/view.php?id=5094