CVE-2008-1717 - Vulnerability Details - OpenCVE

WoltLab Community Framework (WCF) 1.0.6 in WoltLab Burning Board 3.0.5 allows remote attackers to obtain the full path via invalid (1) page and (2) form parameters, which leaks the path from an exception handler when a valid class cannot be found.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00516.

Key SSVC decision points have not yet been added.

Vendors	Products
Woltlab	Burning Board

Configuration 1 [-]

cpe:2.3:a:woltlab:burning_board:3.0.5:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2008-1718	WoltLab Community Framework (WCF) 1.0.6 in WoltLab Burning Board 3.0.5 allows remote attackers to obtain the full path via invalid (1) page and (2) form parameters, which leaks the path from an exception handler when a valid class cannot be found.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0161.html
http://lists.grok.org.uk/pipermail/full-disclosure/2008-April/061271.html
http://secunia.com/advisories/29719
http://www.securityfocus.com/archive/1/490560/100/0/threaded
http://www.securityfocus.com/archive/1/490782/100/0/threaded
http://www.securityfocus.com/bid/28678
https://exchange.xforce.ibmcloud.com/vulnerabilities/41713

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-04-09T21:00:00

Updated: 2024-08-07T08:32:01.261Z

Reserved: 2008-04-09T00:00:00

Link: CVE-2008-1717

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2008-04-09T21:05:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-1717

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-04-08T00:00:00", "descriptions": [{"lang": "en", "value": "WoltLab Community Framework (WCF) 1.0.6 in WoltLab Burning Board 3.0.5 allows remote attackers to obtain the full path via invalid (1) page and (2) form parameters, which leaks the path from an exception handler when a valid class cannot be found."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "29719", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29719"}, {"name": "20080412 Re: WoltLab(R) Community Framework WCF 1.0.6", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/490782/100/0/threaded"}, {"name": "28678", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/28678"}, {"name": "20080407 WoltLab(R) Community Framework XSS and Full Path Disclosure Vulnerability", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0161.html"}, {"name": "wbb-wcf-exception-info-disclosure(41713)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41713"}, {"name": "20080407 WoltLab(R) Community Framework XSS and Full Path Disclosure Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/490560/100/0/threaded"}, {"name": "20080408 WoltLab(R) Community Framework XSS and Full Path Disclosure Vulnerability", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-April/061271.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1717", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "WoltLab Community Framework (WCF) 1.0.6 in WoltLab Burning Board 3.0.5 allows remote attackers to obtain the full path via invalid (1) page and (2) form parameters, which leaks the path from an exception handler when a valid class cannot be found."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "29719", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29719"}, {"name": "20080412 Re: WoltLab(R) Community Framework WCF 1.0.6", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/490782/100/0/threaded"}, {"name": "28678", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28678"}, {"name": "20080407 WoltLab(R) Community Framework XSS and Full Path Disclosure Vulnerability", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0161.html"}, {"name": "wbb-wcf-exception-info-disclosure(41713)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41713"}, {"name": "20080407 WoltLab(R) Community Framework XSS and Full Path Disclosure Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/490560/100/0/threaded"}, {"name": "20080408 WoltLab(R) Community Framework XSS and Full Path Disclosure Vulnerability", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-April/061271.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T08:32:01.261Z"}, "title": "CVE Program Container", "references": [{"name": "29719", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29719"}, {"name": "20080412 Re: WoltLab(R) Community Framework WCF 1.0.6", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/490782/100/0/threaded"}, {"name": "28678", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/28678"}, {"name": "20080407 WoltLab(R) Community Framework XSS and Full Path Disclosure Vulnerability", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0161.html"}, {"name": "wbb-wcf-exception-info-disclosure(41713)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41713"}, {"name": "20080407 WoltLab(R) Community Framework XSS and Full Path Disclosure Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/490560/100/0/threaded"}, {"name": "20080408 WoltLab(R) Community Framework XSS and Full Path Disclosure Vulnerability", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-April/061271.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1717", "datePublished": "2008-04-09T21:00:00", "dateReserved": "2008-04-09T00:00:00", "dateUpdated": "2024-08-07T08:32:01.261Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:woltlab:burning_board:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "F7D2C3ED-2974-4585-8513-043327535178", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "WoltLab Community Framework (WCF) 1.0.6 in WoltLab Burning Board 3.0.5 allows remote attackers to obtain the full path via invalid (1) page and (2) form parameters, which leaks the path from an exception handler when a valid class cannot be found."}, {"lang": "es", "value": "WoltLab Community Framework (WCF) 1.0.6 de WoltLab Burning Board 3.0.5 permite a atacantes remotos obtener la ruta completa a trav\u00e9s de los par\u00e1metros no v\u00e1lidos (1) page y (2) form, lo cual filtra la ruta de un manejador de excepciones cuando una clase v\u00e1lida no se puede encontrar."}], "id": "CVE-2008-1717", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-04-09T21:05:00.000", "references": [{"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0161.html"}, {"source": "cve@mitre.org", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-April/061271.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29719"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/490560/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/490782/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/28678"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41713"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0161.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-April/061271.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29719"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/490560/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/490782/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/28678"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41713"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}