Vulnerabilities > CVE-2004-1990 - Input Validation vulnerability in Aldo Vargas Aldos web Server 1.5

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

aldo-vargas

NVD

Published: 2004-03-03

Updated: 2017-07-11

Summary

Aldo's Web Server (aweb) 1.5 allows remote attackers to gain sensitive information via an arbitrary character, which reveals the full path and the user running the aweb process, possibly due to a malformed request.

Vulnerable Configurations

Part	Description	Count
Application	Aldo_Vargas Aldo Vargas Aldos WEB Server 1.5	1

References

http://marc.info/?l=bugtraq&m=108360629031227&w=2
http://secunia.com/advisories/11542
http://www.oliverkarow.de/research/AldosWebserverMultipleVulns.txt
http://www.osvdb.org/5880
http://www.securityfocus.com/bid/10262
https://exchange.xforce.ibmcloud.com/vulnerabilities/16047