CVE-2012-0263 (GCVE-0-2012-0263)

Vulnerability from cvelistv5 – Published: 2013-12-31 20:00 – Updated: 2024-08-06 18:16
VLAI
Summary
monitor/index.php in op5 Monitor and op5 Appliance before 5.5.1 allows remote authenticated users to obtain sensitive information such as database and user credentials via error messages that are triggered by (1) a malformed hoststatustypes parameter to status/service/all or (2) a crafted request to config.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
URL Tags
http://www.osvdb.org/78067 vdb-entryx_refsource_OSVDB
https://bugs.op5.com/view.php?id=5094 x_refsource_CONFIRM
http://www.op5.com/news/support-news/fixed-vulner… x_refsource_CONFIRM
http://secunia.com/advisories/47344 third-party-advisoryx_refsource_SECUNIA
http://seclists.org/fulldisclosure/2012/Jan/62 mailing-listx_refsource_FULLDISC
http://www.ekelow.se/file_uploads/Advisories/ekel… x_refsource_MISC
Date Public
2012-01-02 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:16:20.085Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "78067",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/78067"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.op5.com/view.php?id=5094"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/"
          },
          {
            "name": "47344",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/47344"
          },
          {
            "name": "20120107 OP5 Monitor - Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2012/Jan/62"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-01-02T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "monitor/index.php in op5 Monitor and op5 Appliance before 5.5.1 allows remote authenticated users to obtain sensitive information such as database and user credentials via error messages that are triggered by (1) a malformed hoststatustypes parameter to status/service/all or (2) a crafted request to config."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-01-29T17:57:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "78067",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/78067"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.op5.com/view.php?id=5094"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/"
        },
        {
          "name": "47344",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/47344"
        },
        {
          "name": "20120107 OP5 Monitor - Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2012/Jan/62"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-0263",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "monitor/index.php in op5 Monitor and op5 Appliance before 5.5.1 allows remote authenticated users to obtain sensitive information such as database and user credentials via error messages that are triggered by (1) a malformed hoststatustypes parameter to status/service/all or (2) a crafted request to config."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "78067",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/78067"
            },
            {
              "name": "https://bugs.op5.com/view.php?id=5094",
              "refsource": "CONFIRM",
              "url": "https://bugs.op5.com/view.php?id=5094"
            },
            {
              "name": "http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/",
              "refsource": "CONFIRM",
              "url": "http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/"
            },
            {
              "name": "47344",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/47344"
            },
            {
              "name": "20120107 OP5 Monitor - Multiple Vulnerabilities",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2012/Jan/62"
            },
            {
              "name": "http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf",
              "refsource": "MISC",
              "url": "http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-0263",
    "datePublished": "2013-12-31T20:00:00.000Z",
    "dateReserved": "2011-12-21T00:00:00.000Z",
    "dateUpdated": "2024-08-06T18:16:20.085Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2012-0263",
      "date": "2026-06-13",
      "epss": "0.00428",
      "percentile": "0.63016"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:op5:monitor:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"5.5.0\", \"matchCriteriaId\": \"B57AA6A1-CF28-46DC-80FA-67F1023933EF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:op5:monitor:5.3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5249E2B6-4B2B-4A4D-9C39-8362B422B0E5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:op5:monitor:5.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"108F8953-B90D-4341-8AD5-39E94F7F320B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:op5:monitor:5.4.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"14C73510-4999-4C96-9705-59274F97BA77\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"monitor/index.php in op5 Monitor and op5 Appliance before 5.5.1 allows remote authenticated users to obtain sensitive information such as database and user credentials via error messages that are triggered by (1) a malformed hoststatustypes parameter to status/service/all or (2) a crafted request to config.\"}, {\"lang\": \"es\", \"value\": \"monitor / index.php en el Monitor  y Appliance de  op5 anteriores a 5.5.1 permite a usuarios remotos autenticados  obtener informaci\\u00f3n confidencial, como bases de datos y las credenciales del usuario a trav\\u00e9s de los mensajes de error que se desencadenan por (1) un par\\u00e1metro  hoststatustypes malformado en  estado/servicio/ todos o (2) una solicitud manipulada en las configuraciones.\"}]",
      "id": "CVE-2012-0263",
      "lastModified": "2024-11-21T01:34:41.193",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:N/A:N\", \"baseScore\": 4.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2013-12-31T20:55:15.073",
      "references": "[{\"url\": \"http://seclists.org/fulldisclosure/2012/Jan/62\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/47344\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.osvdb.org/78067\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://bugs.op5.com/view.php?id=5094\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://seclists.org/fulldisclosure/2012/Jan/62\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/47344\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.osvdb.org/78067\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bugs.op5.com/view.php?id=5094\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2012-0263\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2013-12-31T20:55:15.073\",\"lastModified\":\"2026-04-29T01:13:23.040\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"monitor/index.php in op5 Monitor and op5 Appliance before 5.5.1 allows remote authenticated users to obtain sensitive information such as database and user credentials via error messages that are triggered by (1) a malformed hoststatustypes parameter to status/service/all or (2) a crafted request to config.\"},{\"lang\":\"es\",\"value\":\"monitor / index.php en el Monitor  y Appliance de  op5 anteriores a 5.5.1 permite a usuarios remotos autenticados  obtener informaci\u00f3n confidencial, como bases de datos y las credenciales del usuario a trav\u00e9s de los mensajes de error que se desencadenan por (1) un par\u00e1metro  hoststatustypes malformado en  estado/servicio/ todos o (2) una solicitud manipulada en las configuraciones.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:N/A:N\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:op5:monitor:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.5.0\",\"matchCriteriaId\":\"B57AA6A1-CF28-46DC-80FA-67F1023933EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:op5:monitor:5.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5249E2B6-4B2B-4A4D-9C39-8362B422B0E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:op5:monitor:5.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"108F8953-B90D-4341-8AD5-39E94F7F320B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:op5:monitor:5.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"14C73510-4999-4C96-9705-59274F97BA77\"}]}]}],\"references\":[{\"url\":\"http://seclists.org/fulldisclosure/2012/Jan/62\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/47344\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.osvdb.org/78067\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://bugs.op5.com/view.php?id=5094\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://seclists.org/fulldisclosure/2012/Jan/62\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/47344\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osvdb.org/78067\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugs.op5.com/view.php?id=5094\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.