Lucene search

[email protected]CVE-2007-3647

HistoryJul 10, 2007 - 5:30 p.m.

CVE-2007-3647

2007-07-1017:30:00

[email protected]

web.nvd.nist.gov

cve-2007-3647

remote attackers

authentication bypass

phptraffica

security vulnerability

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7 High

AI Score

Confidence

Low

0.183 Low

EPSS

Percentile

96.2%

JSON

The isloggedin function in Php/login.inc.php in phpTrafficA 1.4.3 and earlier allows remote attackers to bypass authentication and obtain administrative access by setting the username cookie to “traffic.” NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

zoneo-softphptrafficaMatch1.4

zoneo-softphptrafficaMatch1.4.2

zoneo-softphptrafficaMatch1.4.3

CPENameOperatorVersion
zoneo-soft:phptrafficazoneo-soft phptrafficaeq1.4
zoneo-soft:phptrafficazoneo-soft phptrafficaeq1.4.2
zoneo-soft:phptrafficazoneo-soft phptrafficaeq1.4.3

CPE	Name	Operator	Version
zoneo-soft:phptraffica	zoneo-soft phptraffica	eq	1.4
zoneo-soft:phptraffica	zoneo-soft phptraffica	eq	1.4.2
zoneo-soft:phptraffica	zoneo-soft phptraffica	eq	1.4.3

References

corryl.altervista.org/index.php?mod=read&id=1183748959

osvdb.org/37477

secunia.com/advisories/25976

securityreason.com/securityalert/2870

www.securityfocus.com/archive/1/473041/100/0/threaded

www.securityfocus.com/bid/24823

exchange.xforce.ibmcloud.com/vulnerabilities/35290

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7 High

AI Score

Confidence

Low

0.183 Low

EPSS

Percentile

96.2%

JSON

Related for CVE-2007-3647

prion1 cvelist1 nvd1