Lucene search

[email protected]CVE-2007-1540

HistoryMar 20, 2007 - 10:19 p.m.

CVE-2007-1540

2007-03-2022:19:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

2007

1540

directory traversal

vulnerability

am.pl

sql-ledger

ledgersmb

authentication bypass

7.1 High

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.021 Low

EPSS

Percentile

89.1%

JSON

Directory traversal vulnerability in am.pl in (1) SQL-Ledger 2.6.27 and earlier, and (2) LedgerSMB before 1.2.0, allows remote attackers to run arbitrary executables and bypass authentication via a … (dot dot) sequence and trailing NULL (%00) in the login parameter. NOTE: this issue was reportedly addressed in SQL-Ledger 2.6.27, however third-party researchers claim that the file is still executed even though an error is generated.

CPENameOperatorVersion
sql-ledger:sql-ledgersql-ledgerle2.6.27
ledgersmb:ledgersmbledgersmble1.1.8

CPE	Name	Operator	Version
sql-ledger:sql-ledger	sql-ledger	le	2.6.27
ledgersmb:ledgersmb	ledgersmb	le	1.1.8

References

secunia.com/advisories/24560

secunia.com/advisories/24585

sourceforge.net/project/shownotes.php?release_id=494462&group_id=175965

sql-ledger.com/cgi-bin/nav.pl?page=news.html&title=What%27s%20New

www.osvdb.org/33624

www.securityfocus.com/archive/1/463175/100/0/threaded

www.securityfocus.com/bid/23034

www.vupen.com/english/advisories/2007/1024

www.vupen.com/english/advisories/2007/1025

7.1 High

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.021 Low

EPSS

Percentile

89.1%

JSON

Related for CVE-2007-1540

ubuntucve1 prion1 debiancve1 securityvulns1