{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2003-07-01T00:00:00", "descriptions": [{"lang": "en", "value": "VisNetic WebSite 3.5 allows remote attackers to obtain the full pathname of the server via a request containing a folder that does not exist, which leaks the pathname in an error message, as demonstrated using _vti_bin/fpcount.exe."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20030701 VisNetic WebSite Path Disclosure Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=105733894003737&w=2"}, {"tags": ["x_refsource_MISC"], "url": "http://www.krusesecurity.dk/advisories/vis0103.txt"}, {"name": "8075", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/8075"}, {"name": "20030701 VisNetic WebSite Path Disclosure Vulnerability", "tags": ["mailing-list", "x_refsource_VULNWATCH"], "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0002.html"}, {"name": "visnetic-website-path-disclosure(12483)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12483"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0456", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "VisNetic WebSite 3.5 allows remote attackers to obtain the full pathname of the server via a request containing a folder that does not exist, which leaks the pathname in an error message, as demonstrated using _vti_bin/fpcount.exe."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20030701 VisNetic WebSite Path Disclosure Vulnerability", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=105733894003737&w=2"}, {"name": "http://www.krusesecurity.dk/advisories/vis0103.txt", "refsource": "MISC", "url": "http://www.krusesecurity.dk/advisories/vis0103.txt"}, {"name": "8075", "refsource": "BID", "url": "http://www.securityfocus.com/bid/8075"}, {"name": "20030701 VisNetic WebSite Path Disclosure Vulnerability", "refsource": "VULNWATCH", "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0002.html"}, {"name": "visnetic-website-path-disclosure(12483)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12483"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T01:58:10.187Z"}, "title": "CVE Program Container", "references": [{"name": "20030701 VisNetic WebSite Path Disclosure Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=105733894003737&w=2"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.krusesecurity.dk/advisories/vis0103.txt"}, {"name": "8075", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/8075"}, {"name": "20030701 VisNetic WebSite Path Disclosure Vulnerability", "tags": ["mailing-list", "x_refsource_VULNWATCH", "x_transferred"], "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0002.html"}, {"name": "visnetic-website-path-disclosure(12483)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12483"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0456", "datePublished": "2003-07-15T04:00:00", "dateReserved": "2003-06-23T00:00:00", "dateUpdated": "2024-08-08T01:58:10.187Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:deerfield:visnetic_website:3.5.13:*:*:*:*:*:*:*", "matchCriteriaId": "0C09A9D8-CEBC-452C-B6F6-1F494FBF8CDC", "vulnerable": true}, {"criteria": "cpe:2.3:a:deerfield:visnetic_website:3.5.15:*:*:*:*:*:*:*", "matchCriteriaId": "376B1D26-E52C-4743-81CF-BE70C612531C", "vulnerable": true}, {"criteria": "cpe:2.3:a:deerfield:visnetic_website:3.5.17:*:*:*:*:*:*:*", "matchCriteriaId": "3D16BAB6-ED35-4DF8-9D15-3EFB568C0310", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "VisNetic WebSite 3.5 allows remote attackers to obtain the full pathname of the server via a request containing a folder that does not exist, which leaks the pathname in an error message, as demonstrated using _vti_bin/fpcount.exe."}, {"lang": "es", "value": "VisNetic WebSite 3.5 permite a atacantes remotos obtener la ruta completa del servidor mediante una petici\u00f3n conteniendo una carpeta que no existe, lo que filtra la ruta en un mensaje de error, como se demostr\u00f3 usando _vti_bin/fpcount.exe."}], "id": "CVE-2003-0456", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2003-08-18T04:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0002.html"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=105733894003737&w=2"}, {"source": "cve@mitre.org", "url": "http://www.krusesecurity.dk/advisories/vis0103.txt"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/8075"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12483"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=105733894003737&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.krusesecurity.dk/advisories/vis0103.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/8075"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12483"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}