{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The install wizard in DotNetNuke 4.0 through 5.1.4 does not prevent anonymous users from accessing functionality related to determination of the need for an upgrade, which allows remote attackers to access version information and possibly other sensitive information."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2009-11-28T11:00:00.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "37480", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/37480"}, {"name": "37139", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/37139"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.dotnetnuke.com/News/SecurityPolicy/securitybulletinno30/tabid/1449/Default.aspx"}, {"name": "60520", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/60520"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4109", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The install wizard in DotNetNuke 4.0 through 5.1.4 does not prevent anonymous users from accessing functionality related to determination of the need for an upgrade, which allows remote attackers to access version information and possibly other sensitive information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "37480", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37480"}, {"name": "37139", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37139"}, {"name": "http://www.dotnetnuke.com/News/SecurityPolicy/securitybulletinno30/tabid/1449/Default.aspx", "refsource": "CONFIRM", "url": "http://www.dotnetnuke.com/News/SecurityPolicy/securitybulletinno30/tabid/1449/Default.aspx"}, {"name": "60520", "refsource": "OSVDB", "url": "http://osvdb.org/60520"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T06:54:10.136Z"}, "title": "CVE Program Container", "references": [{"name": "37480", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/37480"}, {"name": "37139", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/37139"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.dotnetnuke.com/News/SecurityPolicy/securitybulletinno30/tabid/1449/Default.aspx"}, {"name": "60520", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/60520"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4109", "datePublished": "2009-11-28T11:00:00.000Z", "dateReserved": "2009-11-28T00:00:00.000Z", "dateUpdated": "2024-09-16T17:49:15.688Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dotnetnuke:dotnetnuke:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "31D0AA24-9FA3-4AFD-920A-295898473918", "vulnerable": true}, {"criteria": "cpe:2.3:a:dotnetnuke:dotnetnuke:4.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "34AF4B04-B86C-4BD0-94D9-3157AC55E542", "vulnerable": true}, {"criteria": "cpe:2.3:a:dotnetnuke:dotnetnuke:4.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "6FB3D130-5DC4-4FE6-B178-EF1638E3A43D", "vulnerable": true}, {"criteria": "cpe:2.3:a:dotnetnuke:dotnetnuke:4.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "68F28416-0ABF-4B2F-87A4-C4EC4D0CA227", "vulnerable": true}, {"criteria": "cpe:2.3:a:dotnetnuke:dotnetnuke:4.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "F1681BA4-9C05-45DF-B51B-D89633EB0C70", "vulnerable": true}, {"criteria": "cpe:2.3:a:dotnetnuke:dotnetnuke:4.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "884BA1BF-BD03-4437-A02C-825B59634A76", "vulnerable": true}, {"criteria": "cpe:2.3:a:dotnetnuke:dotnetnuke:4.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "C627743E-9B8B-431B-A513-89CBF7C1E742", "vulnerable": true}, {"criteria": "cpe:2.3:a:dotnetnuke:dotnetnuke:4.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "677B54A1-6945-459F-9ADA-D6D9E89F2436", "vulnerable": true}, {"criteria": "cpe:2.3:a:dotnetnuke:dotnetnuke:4.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "E6D101EF-4506-45D8-9717-5EE9A99B0A43", "vulnerable": true}, {"criteria": "cpe:2.3:a:dotnetnuke:dotnetnuke:4.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "C7059E6A-4A54-4364-8977-400C18905D01", "vulnerable": true}, {"criteria": "cpe:2.3:a:dotnetnuke:dotnetnuke:4.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "92A018EB-3C16-44BB-A872-E80D6F165395", "vulnerable": true}, {"criteria": "cpe:2.3:a:dotnetnuke:dotnetnuke:4.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "1285FF8E-EDB0-4C50-815B-DE40B1786601", "vulnerable": true}, {"criteria": "cpe:2.3:a:dotnetnuke:dotnetnuke:4.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "625C6564-F098-4C9B-AFE7-6686275A1016", "vulnerable": true}, {"criteria": "cpe:2.3:a:dotnetnuke:dotnetnuke:4.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "6293D07D-4C07-4A5D-9532-455A7D5AA6BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:dotnetnuke:dotnetnuke:4.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "250EE0BC-F79D-40D0-A185-8307F82DA8BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:dotnetnuke:dotnetnuke:4.9:*:*:*:*:*:*:*", "matchCriteriaId": "2902A37C-97AA-42CD-A038-3DA1A6E4653A", "vulnerable": true}, {"criteria": "cpe:2.3:a:dotnetnuke:dotnetnuke:4.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "403D90A9-C191-496A-BBB9-4915D39B675D", "vulnerable": true}, {"criteria": "cpe:2.3:a:dotnetnuke:dotnetnuke:4.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "6B40DA1D-12CF-4DFF-9364-D60A53ED898D", "vulnerable": true}, {"criteria": "cpe:2.3:a:dotnetnuke:dotnetnuke:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "102921DE-5513-4BCB-8383-D22A78C59735", "vulnerable": true}, {"criteria": "cpe:2.3:a:dotnetnuke:dotnetnuke:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "7DC26BE5-265B-455A-83AE-E289A0C79B3F", "vulnerable": true}, {"criteria": "cpe:2.3:a:dotnetnuke:dotnetnuke:5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "DFAD2896-6A9C-4953-8074-E689F359C900", "vulnerable": true}, {"criteria": "cpe:2.3:a:dotnetnuke:dotnetnuke:5.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "74B90994-F7F0-4BC9-99E4-E798B98899AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:dotnetnuke:dotnetnuke:5.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "9A6FB531-44C1-4EA1-B69D-0D591673D7C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:dotnetnuke:dotnetnuke:5.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "2B3A0857-2E5D-4BCD-AAE6-D50FCAE6FF67", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The install wizard in DotNetNuke 4.0 through 5.1.4 does not prevent anonymous users from accessing functionality related to determination of the need for an upgrade, which allows remote attackers to access version information and possibly other sensitive information."}, {"lang": "es", "value": "El asistente de instalaci\u00f3n en DotNetNuke v4.0 a la v5.1.4, no prev\u00e9 el acceso de usuarios an\u00f3nimos a la funcionalidad relacionada con la necesidad de una actualizaci\u00f3n, lo que permite a atacantes remotos acceder a la informaci\u00f3n de la versi\u00f3n de la aplicaci\u00f3n y posiblemente a otros datos."}], "id": "CVE-2009-4109", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-11-29T13:08:29.610", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/60520"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/37480"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.dotnetnuke.com/News/SecurityPolicy/securitybulletinno30/tabid/1449/Default.aspx"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/37139"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/60520"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/37480"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.dotnetnuke.com/News/SecurityPolicy/securitybulletinno30/tabid/1449/Default.aspx"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/37139"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}