Lucene search

[email protected]CVE-2007-4723

HistorySep 05, 2007 - 7:17 p.m.

CVE-2007-4723

2007-09-0519:17:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2007-4723

directory traversal

ragnarok online control panel

authentication bypass

apache http server

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.0%

JSON

Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a “/…/” sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.

Affected configurations

NVD

Node

ragnarok_online_control_panel_projectragnarok_online_control_panelMatch4.3.4a

AND

apachehttp_server

CPENameOperatorVersion
ragnarok_online_control_panel_project:ragnarok_online_control_panelragnarok online control panel project ragnarok online control paneleq4.3.4a

CPE	Name	Operator	Version
ragnarok_online_control_panel_project:ragnarok_online_control_panel	ragnarok online control panel project ragnarok online control panel	eq	4.3.4a

References

osvdb.org/45879

securityreason.com/securityalert/3100

www.securityfocus.com/archive/1/478263/100/0/threaded

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.0%

JSON

Related for CVE-2007-4723

nvd1 prion1 cvelist1