CVE-2005-4856 Information
Description
The admin interface in eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051110 does not properly handle authorization errors, which allows remote attackers to obtain sensitive information and see the admin pagelayout and associated templates via a request with (1) "anything after the url" or (2) a "wrong url".
Reference
http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_6_x_3_7_x_to_3_8_0
http://issues.ez.no/6703