Lucene search

[email protected]CVE-2007-2726

HistoryMay 16, 2007 - 10:30 p.m.

CVE-2007-2726

2007-05-1622:30:00

[email protected]

web.nvd.nist.gov

bitscast

0.13.0

remote attackers

denial of service

application crash

rss 2.0

pubdate

cve-2007-2726

nvd

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

6.7 Medium

AI Score

Confidence

High

0.033 Low

EPSS

Percentile

91.3%

JSON

BitsCast 0.13.0 allows remote attackers to cause a denial of service (application crash) via an RSS 2.0 feed item with certain invalid strings in a pubDate element, as demonstrated by repeated “…/A” or “A/…/” patterns.

Affected configurations

NVD

Node

bitscastbitscastMatch0.13.0

CPENameOperatorVersion
bitscast:bitscastbitscasteq0.13.0

CPE	Name	Operator	Version
bitscast:bitscast	bitscast	eq	0.13.0

References

osvdb.org/39767

www.securityfocus.com/bid/23993

exchange.xforce.ibmcloud.com/vulnerabilities/34344

www.exploit-db.com/exploits/3929

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

6.7 Medium

AI Score

Confidence

High

0.033 Low

EPSS

Percentile

91.3%

JSON

Related for CVE-2007-2726

prion1 nvd1 cvelist1