Lucene search

[email protected]CVE-2007-5431

HistoryOct 12, 2007 - 11:17 p.m.

CVE-2007-5431

2007-10-1223:17:00

CWE-200

[email protected]

web.nvd.nist.gov

cve-2007-5431

ftp

sensitive information exposure

myftpuploader

stride 1.0

security vulnerability

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

6.6 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.9%

JSON

include/imageupload.js in the MyFTPUploader module in Stride 1.0 contains sensitive information including FTP login credentials, which might allow remote attackers to gain unauthorized access to the FTP server being used by the module by viewing the source code.

Affected configurations

NVD

Node

javaatworkmyftpuploader_module

scottmanktelowstrideMatch1.0

CPENameOperatorVersion
javaatwork:myftpuploader_modulejavaatwork myftpuploader moduleeq*
scottmanktelow:stridescottmanktelow strideeq1.0

CPE	Name	Operator	Version
javaatwork:myftpuploader_module	javaatwork myftpuploader module	eq	*
scottmanktelow:stride	scottmanktelow stride	eq	1.0

References

osvdb.org/45487

securityreason.com/securityalert/3216

securityvulns.ru/Sdocument4.html

www.securityfocus.com/archive/1/482006/100/0/threaded

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

6.6 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.9%

JSON

Related for CVE-2007-5431

cvelist1 prion1 nvd1