Lucene search

[email protected]CVE-2007-3258

HistoryJun 27, 2007 - 5:30 p.m.

CVE-2007-3258

2007-06-2717:30:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

security

vulnerability

cve-2007-3258

calendarix

sensitive information

remote attackers

6.4 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.01 Low

EPSS

Percentile

83.2%

JSON

calendar.php in Calendarix 0.7.20070307 allows remote attackers to obtain sensitive information via large values to the (1) year and (2) month parameters, which causes negative values to be passed to the mktime library call, and reveals the installation path in the error message.

CPENameOperatorVersion
vincent_hor:calendarixvincent hor calendarixeq0.7.2007-03-07

CPE	Name	Operator	Version
vincent_hor:calendarix	vincent hor calendarix	eq	0.7.2007-03-07

References

marc.info/?l=bugtraq&m=118279128017628&w=2

marc.info/?l=full-disclosure&m=118279031307874&w=2

www.netvigilance.com/advisory0035

www.osvdb.org/35371

exchange.xforce.ibmcloud.com/vulnerabilities/35047

6.4 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.01 Low

EPSS

Percentile

83.2%

JSON

Related for CVE-2007-3258

securityvulns2 prion1