Lucene search

K
cve[email protected]CVE-2007-3422
HistoryJun 26, 2007 - 11:30 p.m.

CVE-2007-3422

2007-06-2623:30:00
web.nvd.nist.gov
26
web-app.org
webapp
cve-2007-3422
security vulnerability
remote attack vectors

6.7 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

73.8%

The getcgi function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP before 0.9.9.7 attempts to parse query strings that contain (1) non-printing characters, (2) certain printing characters that do not commonly occur in URLs, or (3) invalid URL encoding sequences, which has unknown impact and remote attack vectors.

Affected configurations

NVD
Node
web-app.orgwebappRange0.9.9.6

6.7 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

73.8%

Related for CVE-2007-3422