ID CVE-2007-5113
Type cve
Reporter NVD
Modified 2018-10-15T17:40:25
Description
report.cgi in Google Urchin allows remote attackers to bypass authentication and obtain sensitive information (web server logs) via certain modified query parameters, as demonstrated using the profile, rid, prefs, n, vid, bd, ed, dt, and gtype parameters, a different vulnerability than CVE-2007-5112.
{"id": "CVE-2007-5113", "bulletinFamily": "NVD", "title": "CVE-2007-5113", "description": "report.cgi in Google Urchin allows remote attackers to bypass authentication and obtain sensitive information (web server logs) via certain modified query parameters, as demonstrated using the profile, rid, prefs, n, vid, bd, ed, dt, and gtype parameters, a different vulnerability than CVE-2007-5112.", "published": "2007-09-26T19:17:00", "modified": "2018-10-15T17:40:25", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5113", "reporter": "NVD", "references": ["http://www.securityfocus.com/bid/26037", "http://websecurity.com.ua/1283/", "http://ha.ckers.org/blog/20070823/xss-and-possible-information-disclosure-in-urchin/", "http://securityvulns.ru/Sdocument90.html", "http://www.securityfocus.com/archive/1/482006/100/0/threaded"], "cvelist": ["CVE-2007-5113"], "type": "cve", "lastseen": "2018-10-16T10:51:38", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:roi_revolution:urchin:5.7.03"], "cvelist": ["CVE-2007-5113"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "description": "report.cgi in Google Urchin allows remote attackers to bypass authentication and obtain sensitive information (web server logs) via certain modified query parameters, as demonstrated using the profile, rid, prefs, n, vid, bd, ed, dt, and gtype parameters, a different vulnerability than CVE-2007-5112.", "edition": 1, "enchantments": {"score": {"modified": "2016-09-03T09:33:27", "value": 7.5, "vector": "NONE"}}, "hash": "f9b9e81647c543356135b1e74776da12c1581d4d1fe80d10ff29149528601757", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "045c7e0d86f33a68b95c0aa3869526a7", "key": "cpe"}, {"hash": "de491a7e317d1bf09067314ffc286f0b", "key": "description"}, {"hash": "f55001624da1f4d19f9ba6a4ce3e5a00", "key": "title"}, {"hash": "9de6c840a0a22902c3eae13b9661ef59", "key": "modified"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "22bed31d5dec4109d2341d30e9f00bbc", "key": "references"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "a792e2393dff1e200b885c5245988f6f", "key": "cvss"}, {"hash": "cb352d697f9028b7039ff1507c321766", "key": "href"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "baaabde74acc3ff74f10bead11f8490c", "key": "published"}, {"hash": "bbcd1e888c2688232977bc6dd94995d4", "key": "cvelist"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5113", "id": "CVE-2007-5113", "lastseen": "2016-09-03T09:33:27", "modified": "2008-11-15T01:59:45", "objectVersion": "1.2", "published": "2007-09-26T19:17:00", "references": ["http://www.securityfocus.com/bid/26037", "http://websecurity.com.ua/1283/", "http://ha.ckers.org/blog/20070823/xss-and-possible-information-disclosure-in-urchin/", "http://securityvulns.ru/Sdocument90.html", "http://www.securityfocus.com/archive/1/archive/1/482006/100/0/threaded"], "reporter": "NVD", "scanner": [], "title": "CVE-2007-5113", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T09:33:27"}], "edition": 2, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "045c7e0d86f33a68b95c0aa3869526a7"}, {"key": "cvelist", "hash": "bbcd1e888c2688232977bc6dd94995d4"}, {"key": "cvss", "hash": "a792e2393dff1e200b885c5245988f6f"}, {"key": "description", "hash": "de491a7e317d1bf09067314ffc286f0b"}, {"key": "href", "hash": "cb352d697f9028b7039ff1507c321766"}, {"key": "modified", "hash": "d495e6daf1d7333db37b472227e05b6c"}, {"key": "published", "hash": "baaabde74acc3ff74f10bead11f8490c"}, {"key": "references", "hash": "92872547f041c59085fba99dcb938e8b"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "f55001624da1f4d19f9ba6a4ce3e5a00"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "a5ebbe959b570b024a7e8900735639436f937d6189495d2ab1020f21f53a2a98", "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE", "modified": "2018-10-16T10:51:38"}, "dependencies": {"references": [{"type": "exploitdb", "idList": ["EDB-ID:30661"]}], "modified": "2018-10-16T10:51:38"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "cpe": ["cpe:/a:roi_revolution:urchin:5.7.03"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}
{"exploitdb": [{"lastseen": "2016-02-03T12:50:15", "bulletinFamily": "exploit", "description": "Google Urchin 5.7.3 Report.CGI Authorization Bypass Vulnerability. CVE-2007-5113 . Webapps exploit for cgi platform", "modified": "2007-10-11T00:00:00", "published": "2007-10-11T00:00:00", "id": "EDB-ID:30661", "href": "https://www.exploit-db.com/exploits/30661/", "type": "exploitdb", "title": "Google Urchin 5.7.3 Report.CGI Authorization Bypass Vulnerability", "sourceData": "source: http://www.securityfocus.com/bid/26037/info\r\n\r\nGoogle Urchin is prone to an authentication-bypass vulnerability.\r\n\r\nAn attacker can exploit this issue to gain administrative access to the vulnerable application. This may lead to other attacks.\r\n\r\nUrchin 5.7.03 is vulnerable to this issue; other versions may also be affected.\r\n\r\nNOTE: Further reports suggest that this is not a vulnerability, but a documented feature of the application. \r\n\r\nhttp://www.example.com/report.cgi?profile=x&rid=42&prefs=x&n=10&vid=1301&bd=20070703&ed=20070703&dt=4>ype=5 ", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/30661/"}]}