Lucene search

[email protected]CVE-2007-3692

HistoryJul 11, 2007 - 5:30 p.m.

CVE-2007-3692

2007-07-1117:30:00

[email protected]

web.nvd.nist.gov

cve-2007-3692

directory traversal

ezfactory

kddi download cgi

remote attackers

arbitrary files

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

AI Score

6.7

Confidence

Low

EPSS

0.007

Percentile

80.6%

JSON

Directory traversal vulnerability in download.cgi in EZFactory KDDI Download CGI 1.x allows remote attackers to read and download arbitrary files via a … (dot dot) in the name parameter.

Affected configurations

NVD

Node

kddiezfactory_download_cgiMatch1.0

VendorProductVersionCPE
kddiezfactory_download_cgi1.0cpe:/a:kddi:ezfactory_download_cgi:1.0:::

Vendor	Product	Version	CPE
kddi	ezfactory_download_cgi	1.0	cpe:/a:kddi:ezfactory_download_cgi:1.0:::

References

jvn.jp/jp/JVN%2333593387/index.html

osvdb.org/38453

securitytracker.com/id?1018344

www.au.kddi.com/ezfactory/tec/dlcgi/info.html

www.vupen.com/english/advisories/2007/2472

exchange.xforce.ibmcloud.com/vulnerabilities/35323

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

AI Score

6.7

Confidence

Low

EPSS

0.007

Percentile

80.6%

JSON

Related for CVE-2007-3692

cvelist1 nvd1 prion1