Lucene search

[email protected]CVE-2007-2769

HistoryMay 21, 2007 - 8:30 p.m.

CVE-2007-2769

2007-05-2120:30:00

[email protected]

web.nvd.nist.gov

cve-2007-2769

opendap

hydrax

file upload vulnerability

command execution vulnerability

security advisory

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

High

0.013 Low

EPSS

Percentile

85.8%

JSON

BES before 3.5.0 in OPeNDAP 4 (Hydrax) before 1.2.1 does not properly handle compressed files, which allows remote attackers to upload arbitrary files or execute arbitrary commands via a crafted compressed file.

Affected configurations

NVD

Node

opendapbesRange≤3.4.2

opendaphyraxMatch1.2

CPENameOperatorVersion
opendap:besopendap besle3.4.2
opendap:hyraxopendap hyraxeq1.2

CPE	Name	Operator	Version
opendap:bes	opendap bes	le	3.4.2
opendap:hyrax	opendap hyrax	eq	1.2

References

osvdb.org/35487

secunia.com/advisories/25319

www.kb.cert.org/vuls/id/659148

www.opendap.org/security.html

www.securityfocus.com/bid/24055

www.vupen.com/english/advisories/2007/1887

exchange.xforce.ibmcloud.com/vulnerabilities/34408

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

High

0.013 Low

EPSS

Percentile

85.8%

JSON

Related for CVE-2007-2769

cvelist1 prion1 nvd1