CVE-2009-4109: Infoleak
First published: Sun Nov 29 2009(Updated: )
The install wizard in DotNetNuke 4.0 through 5.1.4 does not prevent anonymous users from accessing functionality related to determination of the need for an upgrade, which allows remote attackers to access version information and possibly other sensitive information.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| DNN (DotNetNuke) | =4.0 | |
| DNN (DotNetNuke) | =4.3.5 | |
| DNN (DotNetNuke) | =4.4.1 | |
| DNN (DotNetNuke) | =4.5.2 | |
| DNN (DotNetNuke) | =4.5.4 | |
| DNN (DotNetNuke) | =4.5.5 | |
| DNN (DotNetNuke) | =4.6.0 | |
| DNN (DotNetNuke) | =4.6.1 | |
| DNN (DotNetNuke) | =4.6.2 | |
| DNN (DotNetNuke) | =4.7.0 | |
| DNN (DotNetNuke) | =4.8.0 | |
| DNN (DotNetNuke) | =4.8.1 | |
| DNN (DotNetNuke) | =4.8.2 | |
| DNN (DotNetNuke) | =4.8.3 | |
| DNN (DotNetNuke) | =4.8.4 | |
| DNN (DotNetNuke) | =4.9 | |
| DNN (DotNetNuke) | =4.9.1 | |
| DNN (DotNetNuke) | =4.9.2 | |
| DNN (DotNetNuke) | =5.0 | |
| DNN (DotNetNuke) | =5.1 | |
| DNN (DotNetNuke) | =5.1.1 | |
| DNN (DotNetNuke) | =5.1.2 | |
| DNN (DotNetNuke) | =5.1.3 | |
| DNN (DotNetNuke) | =5.1.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2009-4109?
CVE-2009-4109 is categorized as a medium severity vulnerability due to information disclosure risks.
How do I fix CVE-2009-4109?
To mitigate CVE-2009-4109, update to a fixed version of DotNetNuke that addresses the vulnerability.
What type of attack does CVE-2009-4109 allow?
CVE-2009-4109 allows remote attackers to access sensitive version information of the software.
Which versions of DotNetNuke are affected by CVE-2009-4109?
CVE-2009-4109 affects DotNetNuke versions from 4.0 to 5.1.4.
Can anonymous users exploit CVE-2009-4109?
Yes, CVE-2009-4109 allows anonymous users to access the install wizard and potentially expose sensitive information.
- agent/references
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/author
- agent/event
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/dotnetnuke
- canonical/dnn (dotnetnuke)
- version/dnn (dotnetnuke)/4.0
- version/dnn (dotnetnuke)/4.3.5
- version/dnn (dotnetnuke)/4.4.1
- version/dnn (dotnetnuke)/4.5.2
- version/dnn (dotnetnuke)/4.5.4
- version/dnn (dotnetnuke)/4.5.5
- version/dnn (dotnetnuke)/4.6.0
- version/dnn (dotnetnuke)/4.6.1
- version/dnn (dotnetnuke)/4.6.2
- version/dnn (dotnetnuke)/4.7.0
- version/dnn (dotnetnuke)/4.8.0
- version/dnn (dotnetnuke)/4.8.1
- version/dnn (dotnetnuke)/4.8.2
- version/dnn (dotnetnuke)/4.8.3
- version/dnn (dotnetnuke)/4.8.4
- version/dnn (dotnetnuke)/4.9
- version/dnn (dotnetnuke)/4.9.1
- version/dnn (dotnetnuke)/4.9.2
- version/dnn (dotnetnuke)/5.0
- version/dnn (dotnetnuke)/5.1
- version/dnn (dotnetnuke)/5.1.1
- version/dnn (dotnetnuke)/5.1.2
- version/dnn (dotnetnuke)/5.1.3
- version/dnn (dotnetnuke)/5.1.4