CVE-2008-6871 - Vulnerability Details - OpenCVE

Merlix Educate Server stores db.mdb under the web root with insufficient access control, which allows remote attackers to obtain unspecified sensitive information via a direct request.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.02835.

Key SSVC decision points have not yet been added.

Vendors	Products
Merlix	Educate Server

Configuration 1 [-]

cpe:2.3:a:merlix:educate_server:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://secunia.com/advisories/33018
http://www.osvdb.org/50524
https://exchange.xforce.ibmcloud.com/vulnerabilities/47108
https://www.exploit-db.com/exploits/7348

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-07-23T19:00:00

Updated: 2024-08-07T11:49:01.331Z

Reserved: 2009-07-23T00:00:00

Link: CVE-2008-6871

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2009-07-23T19:30:01.017

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-6871

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-12-05T00:00:00", "descriptions": [{"lang": "en", "value": "Merlix Educate Server stores db.mdb under the web root with insufficient access control, which allows remote attackers to obtain unspecified sensitive information via a direct request."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "50524", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/50524"}, {"name": "33018", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/33018"}, {"name": "educateservert-db-info-disclosure(47108)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47108"}, {"name": "7348", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/7348"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-6871", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Merlix Educate Server stores db.mdb under the web root with insufficient access control, which allows remote attackers to obtain unspecified sensitive information via a direct request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "50524", "refsource": "OSVDB", "url": "http://www.osvdb.org/50524"}, {"name": "33018", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33018"}, {"name": "educateservert-db-info-disclosure(47108)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47108"}, {"name": "7348", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/7348"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T11:49:01.331Z"}, "title": "CVE Program Container", "references": [{"name": "50524", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/50524"}, {"name": "33018", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/33018"}, {"name": "educateservert-db-info-disclosure(47108)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47108"}, {"name": "7348", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/7348"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-6871", "datePublished": "2009-07-23T19:00:00", "dateReserved": "2009-07-23T00:00:00", "dateUpdated": "2024-08-07T11:49:01.331Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:merlix:educate_server:-:*:*:*:*:*:*:*", "matchCriteriaId": "376FFA15-E611-4A06-832E-B52E80D6DC60", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Merlix Educate Server stores db.mdb under the web root with insufficient access control, which allows remote attackers to obtain unspecified sensitive information via a direct request."}, {"lang": "es", "value": "Merlix Educate Server almacena el archivo db.mdb bajo el archivo ra\u00edz web sin el suficiente control de acceso, lo que permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de una petici\u00f3n directa."}], "id": "CVE-2008-6871", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-07-23T19:30:01.017", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/33018"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.osvdb.org/50524"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47108"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/7348"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/33018"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.osvdb.org/50524"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47108"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/7348"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}