CVE-2010-4660 - Vulnerability Details - OpenCVE

Unspecified vulnerability in statusnet through 2010 due to the way addslashes are used in SQL string escapes..

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Status	Statusnet

Configuration 1 [-]

cpe:2.3:a:status:statusnet:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://security-tracker.debian.org/tracker/CVE-2010-4660
https://www.openwall.com/lists/oss-security/2011/01/25/13

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2019-11-20T15:41:50

Updated: 2024-08-07T03:51:18.037Z

Reserved: 2011-01-03T00:00:00

Link: CVE-2010-4660

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-11-20T16:15:12.560

Modified: 2024-11-21T01:21:27.780

Link: CVE-2010-4660

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "statusnet", "vendor": "statusnet", "versions": [{"status": "affected", "version": "through 2010"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in statusnet through 2010 due to the way addslashes are used in SQL string escapes.."}], "problemTypes": [{"descriptions": [{"description": "unspecified", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-11-20T15:41:50", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://security-tracker.debian.org/tracker/CVE-2010-4660"}, {"tags": ["x_refsource_MISC"], "url": "https://www.openwall.com/lists/oss-security/2011/01/25/13"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2010-4660", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "statusnet", "version": {"version_data": [{"version_value": "through 2010"}]}}]}, "vendor_name": "statusnet"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in statusnet through 2010 due to the way addslashes are used in SQL string escapes.."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "unspecified"}]}]}, "references": {"reference_data": [{"name": "https://security-tracker.debian.org/tracker/CVE-2010-4660", "refsource": "MISC", "url": "https://security-tracker.debian.org/tracker/CVE-2010-4660"}, {"name": "https://www.openwall.com/lists/oss-security/2011/01/25/13", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2011/01/25/13"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T03:51:18.037Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://security-tracker.debian.org/tracker/CVE-2010-4660"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.openwall.com/lists/oss-security/2011/01/25/13"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-4660", "datePublished": "2019-11-20T15:41:50", "dateReserved": "2011-01-03T00:00:00", "dateUpdated": "2024-08-07T03:51:18.037Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:status:statusnet:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F225BB6-BEC3-4F12-B9BE-9D8E9F6EBB19", "versionEndIncluding": "2010", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in statusnet through 2010 due to the way addslashes are used in SQL string escapes.."}, {"lang": "es", "value": "Vulnerabilidad no especificada en statusnet versiones hasta 2010 debido a la manera en que addslashesson es usada en escapes de cadenas SQL."}], "id": "CVE-2010-4660", "lastModified": "2024-11-21T01:21:27.780", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-11-20T16:15:12.560", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2010-4660"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2011/01/25/13"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2010-4660"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2011/01/25/13"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}