Lucene search

[email protected]CVE-2007-3422

HistoryJun 26, 2007 - 11:30 p.m.

CVE-2007-3422

2007-06-2623:30:00

[email protected]

web.nvd.nist.gov

web-app.org

webapp

cve-2007-3422

security vulnerability

remote attack vectors

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.8%

JSON

The getcgi function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP before 0.9.9.7 attempts to parse query strings that contain (1) non-printing characters, (2) certain printing characters that do not commonly occur in URLs, or (3) invalid URL encoding sequences, which has unknown impact and remote attack vectors.

Affected configurations

NVD

Node

web-app.orgwebappRange≤0.9.9.6

CPENameOperatorVersion
web-app.org:webappweb-app.org webapple0.9.9.6

CPE	Name	Operator	Version
web-app.org:webapp	web-app.org webapp	le	0.9.9.6

References

osvdb.org/45408

www.web-app.org/cgi-bin/index.cgi?action=forum&board=how_to&op=display&num=9458

www.web-app.org/downloads/WebAPPv0.9.9.7.zip

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.8%

JSON

Related for CVE-2007-3422

nvd1 prion1 cvelist1