Lucene search

[email protected]CVE-2007-3686

HistoryJul 11, 2007 - 5:30 p.m.

CVE-2007-3686

2007-07-1117:30:00

[email protected]

web.nvd.nist.gov

cve

2007

3686

crlf

injection

vulnerability

db.php

unobtrusive ajax star rating bar

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

Low

0.019 Low

EPSS

Percentile

88.5%

JSON

CRLF injection vulnerability in db.php in Unobtrusive Ajax Star Rating Bar before 1.2.0 allows remote attackers to inject arbitrary HTTP headers and data via CRLF sequences in the HTTP_REFERER parameter.

Affected configurations

NVD

Node

masuga_designunobtrusive_ajax_star_rating_barRange≤1.1.9

CPENameOperatorVersion
masuga_design:unobtrusive_ajax_star_rating_barmasuga design unobtrusive ajax star rating barle1.1.9

CPE	Name	Operator	Version
masuga_design:unobtrusive_ajax_star_rating_bar	masuga design unobtrusive ajax star rating bar	le	1.1.9

References

secunia.com/advisories/25985

www.cirt.net/advisories/unobtrusive_ajax_star_rating.shtml

www.osvdb.org/35936

www.securityfocus.com/bid/24840

exchange.xforce.ibmcloud.com/vulnerabilities/35329

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

Low

0.019 Low

EPSS

Percentile

88.5%

JSON

Related for CVE-2007-3686

prion1 nvd1 cvelist1