ID CVE-2007-2841 Type cve Reporter cve@mitre.org Modified 2019-11-06T04:15:00
Description
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-3947. Reason: This candidate is a reservation duplicate of CVE-2007-3947. Notes: All CVE users should reference CVE-2007-3947 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
{"id": "CVE-2007-2841", "bulletinFamily": "NVD", "title": "CVE-2007-2841", "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-3947. Reason: This candidate is a reservation duplicate of CVE-2007-3947. Notes: All CVE users should reference CVE-2007-3947 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.", "published": "2019-11-06T04:15:00", "modified": "2019-11-06T04:15:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2841", "reporter": "cve@mitre.org", "references": [], "cvelist": ["CVE-2007-2841"], "type": "cve", "lastseen": "2020-10-03T11:45:51", "edition": 2, "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "osvdb", "idList": ["OSVDB:38318"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-1362.NASL"]}], "modified": "2020-10-03T11:45:51", "rev": 2}, "score": {"value": 0.7, "vector": "NONE", "modified": "2020-10-03T11:45:51", "rev": 2}, "vulnersScore": 0.7}, "cpe": [], "affectedSoftware": [], "cvss2": {}, "cvss3": {}, "cpe23": [], "cwe": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": []}, "scheme": null}
{"osvdb": [{"lastseen": "2017-04-28T13:20:34", "bulletinFamily": "software", "cvelist": ["CVE-2007-2841"], "description": "## Solution Description\nUpgrade to version 1.4.16 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\n[Secunia Advisory ID:26593](https://secuniaresearch.flexerasoftware.com/advisories/26593/)\n[Secunia Advisory ID:26505](https://secuniaresearch.flexerasoftware.com/advisories/26505/)\n[Secunia Advisory ID:26130](https://secuniaresearch.flexerasoftware.com/advisories/26130/)\n[Secunia Advisory ID:26158](https://secuniaresearch.flexerasoftware.com/advisories/26158/)\n[Related OSVDB ID: 38312](https://vulners.com/osvdb/OSVDB:38312)\n[Related OSVDB ID: 38308](https://vulners.com/osvdb/OSVDB:38308)\n[Related OSVDB ID: 38311](https://vulners.com/osvdb/OSVDB:38311)\n[Related OSVDB ID: 38314](https://vulners.com/osvdb/OSVDB:38314)\n[Related OSVDB ID: 38313](https://vulners.com/osvdb/OSVDB:38313)\nOther Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-July/000214.html\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200708-11.xml\nOther Advisory URL: http://www.debian.org/security/2007/dsa-1362\n[CVE-2007-2841](https://vulners.com/cve/CVE-2007-2841)\n", "edition": 1, "modified": "2007-07-20T17:51:07", "published": "2007-07-20T17:51:07", "href": "https://vulners.com/osvdb/OSVDB:38318", "id": "OSVDB:38318", "title": "lighttpd Unspecified Issue", "type": "osvdb", "cvss": {"score": 0.0, "vector": "NONE"}}], "nessus": [{"lastseen": "2021-01-06T09:44:50", "description": "Several vulnerabilities were discovered in lighttpd, a fast webserver\nwith minimal memory footprint, which could allow the execution of\narbitrary code via the overflow of CGI variables when mod_fcgi was\nenabled. 
The Common Vulnerabilities and Exposures project identifies\nthe following problems :\n\n - CVE-2007-3946\n The use of mod_auth could leave to a denial of service\n attack crashing the webserver.\n\n - CVE-2007-3947\n The improper handling of repeated HTTP headers could\n cause a denial of service attack crashing the webserver.\n\n - CVE-2007-3949\n A bug in mod_access potentially allows remote users to\n bypass access restrictions via trailing slash\n characters.\n\n - CVE-2007-3950\n On 32-bit platforms users may be able to create denial\n of service attacks, crashing the webserver, via\n mod_webdav, mod_fastcgi, or mod_scgi.", "edition": 26, "published": "2007-09-03T00:00:00", "title": "Debian DSA-1362-2 : lighttpd - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3950", "CVE-2007-4727", "CVE-2007-2841", "CVE-2007-3948", "CVE-2007-3949", "CVE-2007-3947", "CVE-2007-3946"], "modified": "2007-09-03T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:4.0", "p-cpe:/a:debian:debian_linux:lighttpd"], "id": "DEBIAN_DSA-1362.NASL", "href": "https://www.tenable.com/plugins/nessus/25962", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1362. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(25962);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-2841\", \"CVE-2007-3946\", \"CVE-2007-3947\", \"CVE-2007-3948\", \"CVE-2007-3949\", \"CVE-2007-3950\", \"CVE-2007-4727\");\n script_xref(name:\"DSA\", value:\"1362\");\n\n script_name(english:\"Debian DSA-1362-2 : lighttpd - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in lighttpd, a fast webserver\nwith minimal memory footprint, which could allow the execution of\narbitrary code via the overflow of CGI variables when mod_fcgi was\nenabled. 
The Common Vulnerabilities and Exposures project identifies\nthe following problems :\n\n - CVE-2007-3946\n The use of mod_auth could leave to a denial of service\n attack crashing the webserver.\n\n - CVE-2007-3947\n The improper handling of repeated HTTP headers could\n cause a denial of service attack crashing the webserver.\n\n - CVE-2007-3949\n A bug in mod_access potentially allows remote users to\n bypass access restrictions via trailing slash\n characters.\n\n - CVE-2007-3950\n On 32-bit platforms users may be able to create denial\n of service attacks, crashing the webserver, via\n mod_webdav, mod_fastcgi, or mod_scgi.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=434888\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-3946\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-3947\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-3949\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-3950\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2007/dsa-1362\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the lighttpd package.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.4.13-4etch4.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n 
script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/09/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd\", reference:\"1.4.13-4etch4\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd-doc\", reference:\"1.4.13-4etch4\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd-mod-cml\", reference:\"1.4.13-4etch4\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd-mod-magnet\", reference:\"1.4.13-4etch4\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd-mod-mysql-vhost\", reference:\"1.4.13-4etch4\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd-mod-trigger-b4-dl\", reference:\"1.4.13-4etch4\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd-mod-webdav\", reference:\"1.4.13-4etch4\")) flag++;\n\nif (flag)\n{\n if 
(report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}]}