1.0.1

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

arsc-really-simple-chat

NVD

Published: 2002-08-12

Updated: 2008-09-05

Summary

home.php in ARSC (Really Simple Chat) 1.0.1 and earlier allows remote attackers to determine the full pathname of the web server via an invalid language in the arsc_language parameter, which leaks the pathname in an error message.

Vulnerable Configurations

Part	Description	Count
Application	Arsc_Really_Simple_Chat Arsc Really Simple Chat Arsc Really Simple Chat 1.0 Arsc Really Simple Chat Arsc Really Simple Chat 1.0.1	2

References

http://www.iss.net/security_center/static/8472.php
http://www.securityfocus.com/archive/1/262652
http://www.securityfocus.com/archive/1/262802
http://www.securityfocus.com/bid/4307