Lucene search

K
cve[email protected]CVE-2007-3422
HistoryJun 26, 2007 - 11:30 p.m.

CVE-2007-3422

2007-06-2623:30:00
web.nvd.nist.gov
27
web-app.org
webapp
cve-2007-3422
security vulnerability
remote attack vectors

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.8%

The getcgi function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP before 0.9.9.7 attempts to parse query strings that contain (1) non-printing characters, (2) certain printing characters that do not commonly occur in URLs, or (3) invalid URL encoding sequences, which has unknown impact and remote attack vectors.

Affected configurations

NVD
Node
web-app.orgwebappRange0.9.9.6

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.8%

Related for CVE-2007-3422