Lucene search

[email protected]CVE-2007-4494

HistoryAug 23, 2007 - 1:17 a.m.

CVE-2007-4494

2007-08-2301:17:00

[email protected]

web.nvd.nist.gov

ez publish

tipafriend

cve-2007-4494

spam attacks

security vulnerability

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.7 Medium

AI Score

Confidence

Low

0.022 Low

EPSS

Percentile

89.6%

JSON

The tipafriend function in eZ publish before 3.8.9, and 3.9 before 3.9.3, does not limit access by anonymous users, which allows remote attackers to conduct spam attacks.

Affected configurations

NVD

Node

ezez_publishRange≤3.8.8

ezez_publishMatch3.9.0

ezez_publishMatch3.9.1

ezez_publishMatch3.9.2

CPENameOperatorVersion
ez:ez_publishez ez publishle3.8.8
ez:ez_publishez ez publisheq3.9.0
ez:ez_publishez ez publisheq3.9.1
ez:ez_publishez ez publisheq3.9.2

CPE	Name	Operator	Version
ez:ez_publish	ez ez publish	le	3.8.8
ez:ez_publish	ez ez publish	eq	3.9.0
ez:ez_publish	ez ez publish	eq	3.9.1
ez:ez_publish	ez ez publish	eq	3.9.2

References

ez.no/community/news/ez_publish_security_fixes_3_9_3_and_3_8_9

ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_8_8_to_3_8_9

ez.no/download/ez_publish/changelogs/ez_publish_3_9/changelog_3_9_2_to_3_9_3

osvdb.org/40325

secunia.com/advisories/26686

www.securityfocus.com/bid/25538

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.7 Medium

AI Score

Confidence

Low

0.022 Low

EPSS

Percentile

89.6%

JSON

Related for CVE-2007-4494

ubuntucve1 cvelist1 nvd1 prion1