Search...

CVE-2007-5113

2007-09-26T23:17:00

ID CVE-2007-5113
Type cve
Reporter cve@mitre.org
Modified 2018-10-15T21:40:00

Description

report.cgi in Google Urchin allows remote attackers to bypass authentication and obtain sensitive information (web server logs) via certain modified query parameters, as demonstrated using the profile, rid, prefs, n, vid, bd, ed, dt, and gtype parameters, a different vulnerability than CVE-2007-5112.

JSON Vulners Source

Initial Source

{"id": "CVE-2007-5113", "bulletinFamily": "NVD", "title": "CVE-2007-5113", "description": "report.cgi in Google Urchin allows remote attackers to bypass authentication and obtain sensitive information (web server logs) via certain modified query parameters, as demonstrated using the profile, rid, prefs, n, vid, bd, ed, dt, and gtype parameters, a different vulnerability than CVE-2007-5112.", "published": "2007-09-26T23:17:00", "modified": "2018-10-15T21:40:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5113", "reporter": "cve@mitre.org", "references": ["http://www.securityfocus.com/bid/26037", "http://websecurity.com.ua/1283/", "http://ha.ckers.org/blog/20070823/xss-and-possible-information-disclosure-in-urchin/", "http://securityvulns.ru/Sdocument90.html", "http://www.securityfocus.com/archive/1/482006/100/0/threaded"], "cvelist": ["CVE-2007-5113"], "type": "cve", "lastseen": "2019-05-29T18:09:01", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d118d0329be365414409b6648a937528"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpe23", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvelist", "hash": "bbcd1e888c2688232977bc6dd94995d4"}, {"key": "cvss", "hash": "a89198c45ce87f7ec9735a085150b708"}, {"key": "cvss2", "hash": "f30109dfdbfbf783c0b61792a6b2c20a"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "9725bf9e3870a4049c8e63b594766cf2"}, {"key": "description", "hash": "de491a7e317d1bf09067314ffc286f0b"}, {"key": "href", "hash": "cb352d697f9028b7039ff1507c321766"}, {"key": "modified", "hash": "a6ead0251105588099639c7a95c34d74"}, {"key": "published", "hash": "30bbfa4a59634b920fd5a42860e459a0"}, {"key": "references", "hash": "92872547f041c59085fba99dcb938e8b"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "f55001624da1f4d19f9ba6a4ce3e5a00"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "4ba01df81928d451a4ef14a8ddbe2ffdb46736e22a05a041635b70d03949e2d6", "viewCount": 0, "enchantments": {"score": {"value": 6.0, "vector": "NONE", "modified": "2019-05-29T18:09:01"}, "dependencies": {"references": [{"type": "exploitdb", "idList": ["EDB-ID:30661"]}], "modified": "2019-05-29T18:09:01"}, "vulnersScore": 6.0}, "objectVersion": "1.3", "cpe": [], "affectedSoftware": [{"name": "roi_revolution urchin", "operator": "le", "version": "5.7.03"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cpe23": [], "cwe": ["CWE-287"]}

{"exploitdb": [{"lastseen": "2016-02-03T12:50:15", "bulletinFamily": "exploit", "description": "Google Urchin 5.7.3 Report.CGI Authorization Bypass Vulnerability. CVE-2007-5113 . Webapps exploit for cgi platform", "modified": "2007-10-11T00:00:00", "published": "2007-10-11T00:00:00", "id": "EDB-ID:30661", "href": "https://www.exploit-db.com/exploits/30661/", "type": "exploitdb", "title": "Google Urchin 5.7.3 Report.CGI Authorization Bypass Vulnerability", "sourceData": "source: http://www.securityfocus.com/bid/26037/info\r\n\r\nGoogle Urchin is prone to an authentication-bypass vulnerability.\r\n\r\nAn attacker can exploit this issue to gain administrative access to the vulnerable application. This may lead to other attacks.\r\n\r\nUrchin 5.7.03 is vulnerable to this issue; other versions may also be affected.\r\n\r\nNOTE: Further reports suggest that this is not a vulnerability, but a documented feature of the application. \r\n\r\nhttp://www.example.com/report.cgi?profile=x&rid=42&prefs=x&n=10&vid=1301&bd=20070703&ed=20070703&dt=4&gtype=5 ", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/30661/"}]}