Lucene search

[email protected]CVE-2007-0585

HistoryJan 30, 2007 - 5:28 p.m.

CVE-2007-0585

2007-01-3017:28:00

[email protected]

web.nvd.nist.gov

cve-2007-0585

webfwlog

source code disclosure

remote exploit

directory traversal

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.8 Medium

AI Score

Confidence

Low

0.037 Low

EPSS

Percentile

91.8%

JSON

include/debug.php in Webfwlog 0.92 and earlier, when register_globals is enabled, allows remote attackers to obtain source code of files via the conffile parameter. NOTE: some of these details are obtained from third party information. It is likely that this issue can be exploited to conduct directory traversal attacks.

Affected configurations

NVD

Node

webfwlogwebfwlogRange≤0.92

CPENameOperatorVersion
webfwlog:webfwlogwebfwlogle0.92

CPE	Name	Operator	Version
webfwlog:webfwlog	webfwlog	le	0.92

References

osvdb.org/33015

secunia.com/advisories/23968

webfwlog.cvs.sourceforge.net/%2Acheckout%2A/webfwlog/webfwlog/ChangeLog

www.securityfocus.com/bid/22291

www.vupen.com/english/advisories/2007/0399

exchange.xforce.ibmcloud.com/vulnerabilities/31881

www.exploit-db.com/exploits/3222

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.8 Medium

AI Score

Confidence

Low

0.037 Low

EPSS

Percentile

91.8%

JSON

Related for CVE-2007-0585

cvelist1 nvd1 prion1 securityvulns1