Lucene search

[email protected]CVE-2007-0242

HistoryApr 03, 2007 - 4:19 p.m.

CVE-2007-0242

2007-04-0316:19:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-0242

utf-8 decoder

cross-site scripting

xss

directory traversal

nvd

5.4 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.027 Low

EPSS

Percentile

90.4%

JSON

The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters.

CPENameOperatorVersion
qt:qtqteq3.3.8
qt:qtqteq4.2.3

CPE	Name	Operator	Version
qt:qt	qt	eq	3.3.8
qt:qt	qt	eq	4.2.3

References

ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc

fedoranews.org/updates/FEDORA-2007-703.shtml

rhn.redhat.com/errata/RHSA-2011-1324.html

secunia.com/advisories/24699

secunia.com/advisories/24705

secunia.com/advisories/24726

secunia.com/advisories/24727

secunia.com/advisories/24759

secunia.com/advisories/24797

secunia.com/advisories/24847

secunia.com/advisories/24889

secunia.com/advisories/25263

secunia.com/advisories/26804

secunia.com/advisories/26857

secunia.com/advisories/27108

secunia.com/advisories/27275

secunia.com/advisories/46117

slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.348591

support.avaya.com/elmodocs2/security/ASA-2007-424.htm

support.novell.com/techcenter/psdb/39ea4b325a7da742cb8b6995fa585b14.html

support.novell.com/techcenter/psdb/fc79b7f48d739f9c803a24ddad933384.html

www.debian.org/security/2007/dsa-1292

www.mandriva.com/security/advisories?name=MDKSA-2007:074

www.mandriva.com/security/advisories?name=MDKSA-2007:075

www.mandriva.com/security/advisories?name=MDKSA-2007:076

www.nabble.com/Bug-417390:-CVE-2007-0242%2C--Qt-UTF-8-overlong-sequence-decoding-vulnerability-t3506065.html

www.novell.com/linux/security/advisories/2007_6_sr.html

www.redhat.com/support/errata/RHSA-2007-0883.html

www.redhat.com/support/errata/RHSA-2007-0909.html

www.securityfocus.com/bid/23269

www.trolltech.com/company/newsroom/announcements/press.2007-03-30.9172215350

www.ubuntu.com/usn/usn-452-1

www.vupen.com/english/advisories/2007/1212

exchange.xforce.ibmcloud.com/vulnerabilities/33397

issues.rpath.com/browse/RPL-1202

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11510

5.4 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.027 Low

EPSS

Percentile

90.4%

JSON

Related for CVE-2007-0242

openvas26 nessus24 prion1 ubuntucve1 debiancve1 slackware1 debian2 securityvulns1 ubuntu1 veracode1 redhat3 oraclelinux3 centos4 fedora1