CVE-2005-0685 (CNNVD-200503-078)
中文标题:
PE多个远程访问验证漏洞
英文标题:
Multiple access validation errors in OutStart Participate Enterprise (PE) allow remote attackers to ...
漏洞描述
中文描述:
PE是基于java的集成了虚拟社区,文档库,消息板等功能的程序,可以模仿已有开放源码软件所提供的功能。 PE中存在访问验证错误,可能允许恶意用户重新命名或删除重要的目录对象,这可能导致所有的函数库,论坛和/或特定内容拒绝服务,直到恢复或正确的重新命名目录对象。 受影响的站点包括: http://www.les-fontaines-community.com/pe/repository/displaynavigator.jsp http://forums.palmone.com/pe/repository/displaynavigator.jsp http://tivo.participate.com/pe/index.jsp http://pluggedin.palmone.com/regac/pluggedin/login.jsp http://logitech.participate.com/index.html http://auditorium.audi.com/pe/index.jsp http://mcgraw.participate.com/pe/index.jsp http://thomson.participate.com/index.html
英文描述:
Multiple access validation errors in OutStart Participate Enterprise (PE) allow remote attackers to (1) browse arbitrary directory trees by modifying the rootFolder parameter to displaynavigator.jsp, (2) rename arbitrary directory objects by modifying the selectedObject parameter to renamepopup.jsp, (3) delete arbitrary directory objects by modifying the selectedObjectsCSV parameter to displaydeletenavigator.jsp, and conduct other unauthorized activities via the (4) showDeleteView, (5) showWebFolderView, (6) showLibraryView, (7) showMyLibraryView, (8) singleSelectObject, (9) processRadioSelection, (10) processCheckboxSelection, (11) singleSelectObject, (12) addToSelectedObjects, or (13) removeFromSelectedObjects commands.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| outstart | participate_enterprise | 3 | - | - |
cpe:2.3:a:outstart:participate_enterprise:3:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
CVSS评分详情
AV:N/AC:L/Au:N/C:P/I:P/A:P
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2005-0685 |
2025-11-11 15:17:33 | 2025-11-11 07:32:25 |
| NVD | nvd_CVE-2005-0685 |
2025-11-11 14:51:18 | 2025-11-11 07:41:11 |
| CNNVD | cnnvd_CNNVD-200503-078 |
2025-11-11 15:08:46 | 2025-11-11 07:48:57 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 授权问题
- cnnvd_id: 未提取 -> CNNVD-200503-078
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- severity: SeverityLevel.MEDIUM -> SeverityLevel.HIGH
- cvss_score: 未提取 -> 7.5
- cvss_vector: NOT_EXTRACTED -> AV:N/AC:L/Au:N/C:P/I:P/A:P
- cvss_version: NOT_EXTRACTED -> 2.0
- affected_products_count: 0 -> 1
- data_sources: ['cve'] -> ['cve', 'nvd']