CVE-2011-2891 - Vulnerability Details - OpenCVE

Joomla! 1.6.x before 1.6.2 allows remote attackers to obtain sensitive information via an empty Itemid array parameter to index.php, which reveals the installation path in an error message, a different vulnerability than CVE-2011-2488.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Joomla	Joomla\!

Configuration 1 [-]

OR	cpe:2.3:a:joomla:joomla\!:1.6:alpha::::::
	cpe:2.3:a:joomla:joomla\!:1.6:alpha2::::::
	cpe:2.3:a:joomla:joomla\!:1.6:beta1::::::
	cpe:2.3:a:joomla:joomla\!:1.6:beta10::::::
	cpe:2.3:a:joomla:joomla\!:1.6:beta11::::::
	cpe:2.3:a:joomla:joomla\!:1.6:beta12::::::
	cpe:2.3:a:joomla:joomla\!:1.6:beta13::::::
	cpe:2.3:a:joomla:joomla\!:1.6:beta14::::::
	cpe:2.3:a:joomla:joomla\!:1.6:beta15::::::
	cpe:2.3:a:joomla:joomla\!:1.6:beta2::::::
	cpe:2.3:a:joomla:joomla\!:1.6:beta3::::::
	cpe:2.3:a:joomla:joomla\!:1.6:beta4::::::
	cpe:2.3:a:joomla:joomla\!:1.6:beta5::::::
	cpe:2.3:a:joomla:joomla\!:1.6:beta6::::::
	cpe:2.3:a:joomla:joomla\!:1.6:beta7::::::
	cpe:2.3:a:joomla:joomla\!:1.6:beta8::::::
	cpe:2.3:a:joomla:joomla\!:1.6:beta9::::::
	cpe:2.3:a:joomla:joomla\!:1.6:rc1::::::
	cpe:2.3:a:joomla:joomla\!:1.6.0:::::::*
	cpe:2.3:a:joomla:joomla\!:1.6.1:::::::*

No data.

References

Link	Providers
http://bl0g.yehg.net/2011/04/joomla-161-and-lower-information.html
http://developer.joomla.org/security/news/341-20110402-core-information-disclosure.html
http://www.openwall.com/lists/oss-security/2011/06/27/6
http://www.openwall.com/lists/oss-security/2011/06/27/8
https://exchange.xforce.ibmcloud.com/vulnerabilities/68881

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2011-07-27T20:00:00

Updated: 2024-08-06T23:15:31.453Z

Reserved: 2011-07-27T00:00:00

Link: CVE-2011-2891

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2011-07-27T20:55:03.867

Modified: 2025-04-11T00:51:21.963

Link: CVE-2011-2891

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-04-14T00:00:00", "descriptions": [{"lang": "en", "value": "Joomla! 1.6.x before 1.6.2 allows remote attackers to obtain sensitive information via an empty Itemid array parameter to index.php, which reveals the installation path in an error message, a different vulnerability than CVE-2011-2488."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "joomla-itemid-path-disclosure(68881)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68881"}, {"tags": ["x_refsource_MISC"], "url": "http://bl0g.yehg.net/2011/04/joomla-161-and-lower-information.html"}, {"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2011/06/27/8"}, {"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://developer.joomla.org/security/news/341-20110402-core-information-disclosure.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-2891", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Joomla! 1.6.x before 1.6.2 allows remote attackers to obtain sensitive information via an empty Itemid array parameter to index.php, which reveals the installation path in an error message, a different vulnerability than CVE-2011-2488."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "joomla-itemid-path-disclosure(68881)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68881"}, {"name": "http://bl0g.yehg.net/2011/04/joomla-161-and-lower-information.html", "refsource": "MISC", "url": "http://bl0g.yehg.net/2011/04/joomla-161-and-lower-information.html"}, {"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2011/06/27/8"}, {"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"}, {"name": "http://developer.joomla.org/security/news/341-20110402-core-information-disclosure.html", "refsource": "CONFIRM", "url": "http://developer.joomla.org/security/news/341-20110402-core-information-disclosure.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T23:15:31.453Z"}, "title": "CVE Program Container", "references": [{"name": "joomla-itemid-path-disclosure(68881)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68881"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://bl0g.yehg.net/2011/04/joomla-161-and-lower-information.html"}, {"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2011/06/27/8"}, {"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://developer.joomla.org/security/news/341-20110402-core-information-disclosure.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-2891", "datePublished": "2011-07-27T20:00:00", "dateReserved": "2011-07-27T00:00:00", "dateUpdated": "2024-08-06T23:15:31.453Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:joomla:joomla\\!:1.6:alpha:*:*:*:*:*:*", "matchCriteriaId": "C15380EB-6543-4C95-9B7F-35DDD99D1C37", "vulnerable": true}, {"criteria": "cpe:2.3:a:joomla:joomla\\!:1.6:alpha2:*:*:*:*:*:*", "matchCriteriaId": "C95EE9E1-CB59-4E8B-B57B-991295790328", "vulnerable": true}, {"criteria": "cpe:2.3:a:joomla:joomla\\!:1.6:beta1:*:*:*:*:*:*", "matchCriteriaId": "605F893A-2612-4524-B24B-0468F5EE2019", "vulnerable": true}, {"criteria": "cpe:2.3:a:joomla:joomla\\!:1.6:beta10:*:*:*:*:*:*", "matchCriteriaId": "21D252E2-1961-4D4F-8471-584CF6CB39E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:joomla:joomla\\!:1.6:beta11:*:*:*:*:*:*", "matchCriteriaId": "8B0930E8-3E98-4DF5-AED3-146D34F843D7", "vulnerable": true}, {"criteria": "cpe:2.3:a:joomla:joomla\\!:1.6:beta12:*:*:*:*:*:*", "matchCriteriaId": "C732CFEF-CF4D-4EB7-A730-A5764B40A9BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:joomla:joomla\\!:1.6:beta13:*:*:*:*:*:*", "matchCriteriaId": "10880E1E-8478-485C-AD9C-ABE4C51D2EA7", "vulnerable": true}, {"criteria": "cpe:2.3:a:joomla:joomla\\!:1.6:beta14:*:*:*:*:*:*", "matchCriteriaId": "816A10B4-EC28-47EF-BD47-7F431AB77561", "vulnerable": true}, {"criteria": "cpe:2.3:a:joomla:joomla\\!:1.6:beta15:*:*:*:*:*:*", "matchCriteriaId": "F9085C7C-6CA0-4423-93B1-9E8AF6D2978E", "vulnerable": true}, {"criteria": "cpe:2.3:a:joomla:joomla\\!:1.6:beta2:*:*:*:*:*:*", "matchCriteriaId": "5BCAD021-E5B2-4232-81FF-BB04908F4FE6", "vulnerable": true}, {"criteria": "cpe:2.3:a:joomla:joomla\\!:1.6:beta3:*:*:*:*:*:*", "matchCriteriaId": "0B842E1A-348B-4644-930E-CF46E1E38E70", "vulnerable": true}, {"criteria": "cpe:2.3:a:joomla:joomla\\!:1.6:beta4:*:*:*:*:*:*", "matchCriteriaId": "D08BB717-4841-482D-A1AD-E8DF769E57C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:joomla:joomla\\!:1.6:beta5:*:*:*:*:*:*", "matchCriteriaId": "065980D5-AEBA-44B1-A58D-8BF8FFF674F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:joomla:joomla\\!:1.6:beta6:*:*:*:*:*:*", "matchCriteriaId": "EBC711DC-C790-4558-B305-A812EE2290B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:joomla:joomla\\!:1.6:beta7:*:*:*:*:*:*", "matchCriteriaId": "37DE1D53-EE34-4C2C-B2AD-3DD58254C874", "vulnerable": true}, {"criteria": "cpe:2.3:a:joomla:joomla\\!:1.6:beta8:*:*:*:*:*:*", "matchCriteriaId": "9E11C49B-2A3E-4D52-BEFA-CDDB751E20AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:joomla:joomla\\!:1.6:beta9:*:*:*:*:*:*", "matchCriteriaId": "1D6CA7BE-DD88-4899-A284-C9E4F97F4005", "vulnerable": true}, {"criteria": "cpe:2.3:a:joomla:joomla\\!:1.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "2C686887-75D3-4682-AE61-245D10EEAADE", "vulnerable": true}, {"criteria": "cpe:2.3:a:joomla:joomla\\!:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "B15F42BC-7826-493B-8C5A-D70A7263DCB0", "vulnerable": true}, {"criteria": "cpe:2.3:a:joomla:joomla\\!:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "AAC6CF00-2D88-4B97-A496-DCBE1B4E9A00", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Joomla! 1.6.x before 1.6.2 allows remote attackers to obtain sensitive information via an empty Itemid array parameter to index.php, which reveals the installation path in an error message, a different vulnerability than CVE-2011-2488."}, {"lang": "es", "value": "Joomla! v1.6.x anterior a v1.6.2 permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de un par\u00e1metro de array Itemid vac\u00edo sobre index.php, lo que revela la ruta de instalaci\u00f3n en un mensaje de error, una vulnerabilidad diferente a CVE-2011-2488."}], "id": "CVE-2011-2891", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-07-27T20:55:03.867", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://bl0g.yehg.net/2011/04/joomla-161-and-lower-information.html"}, {"source": "cve@mitre.org", "url": "http://developer.joomla.org/security/news/341-20110402-core-information-disclosure.html"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.openwall.com/lists/oss-security/2011/06/27/8"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68881"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://bl0g.yehg.net/2011/04/joomla-161-and-lower-information.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://developer.joomla.org/security/news/341-20110402-core-information-disclosure.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.openwall.com/lists/oss-security/2011/06/27/8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68881"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}