Lucene search

K
cve[email protected]CVE-2007-3774
HistoryJul 15, 2007 - 10:30 p.m.

CVE-2007-3774

2007-07-1522:30:00
NVD-CWE-Other
web.nvd.nist.gov
18
cve-2007-3774
dvbbs
web security
access control
database security
remote attack

7.2 High

AI Score

Confidence

Low

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

0.005 Low

EPSS

Percentile

76.0%

Dvbbs 7.1.0 SP1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for Data/Dvbbs7.mdb.

CPENameOperatorVersion
dvbbs:dvbbsdvbbseq7.1.0_sp1

7.2 High

AI Score

Confidence

Low

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

0.005 Low

EPSS

Percentile

76.0%

Related for CVE-2007-3774