Lucene search

[email protected]CVE-2007-4400

HistoryAug 18, 2007 - 9:17 p.m.

CVE-2007-4400

2007-08-1821:17:00

[email protected]

web.nvd.nist.gov

crlf injection

vulnerability

konversation

media script

remote attackers

irc commands

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.016 Low

EPSS

Percentile

87.4%

JSON

CRLF injection vulnerability in the included media script in Konversation allows user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.

Affected configurations

NVD

Node

konversationkonversation

CPENameOperatorVersion
konversation:konversationkonversationeq*

CPE	Name	Operator	Version
konversation:konversation	konversation	eq	*

References

lists.grok.org.uk/pipermail/full-disclosure/2007-August/065227.html

osvdb.org/39569

secunia.com/advisories/26456

secunia.com/advisories/29752

securityreason.com/securityalert/3036

wouter.coekaerts.be/site/security/nowplaying

www.securityfocus.com/archive/1/476283/100/0/threaded

www.securityfocus.com/bid/25281

exchange.xforce.ibmcloud.com/vulnerabilities/35985

www.redhat.com/archives/fedora-package-announce/2008-April/msg00134.html

www.redhat.com/archives/fedora-package-announce/2008-April/msg00209.html

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.016 Low

EPSS

Percentile

87.4%

JSON

Related for CVE-2007-4400

ubuntucve1 openvas4 cvelist1 nessus2 fedora2 debiancve1 prion1 redhatcve1 nvd1