Lucene search

[email protected]CVE-2007-5578

HistoryOct 18, 2007 - 10:17 p.m.

CVE-2007-5578

2007-10-1822:17:00

CWE-287

[email protected]

web.nvd.nist.gov

base

security

authentication bypass

cve-2007-5578

vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

Low

0.022 Low

EPSS

Percentile

89.4%

JSON

Basic Analysis and Security Engine (BASE) before 1.3.8 sends a redirect to the web browser but does not exit, which allows remote attackers to bypass authentication via (1) base_main.php, (2) base_qry_alert.php, and possibly other vectors.

Affected configurations

NVD

Node

secureideasbasic_analysis_and_security_engineMatch1.3.6

CPENameOperatorVersion
secureideas:basic_analysis_and_security_enginesecureideas basic analysis and security engineeq1.3.6

CPE	Name	Operator	Version
secureideas:basic_analysis_and_security_engine	secureideas basic analysis and security engine	eq	1.3.6

References

archives.neohapsis.com/archives/fulldisclosure/2007-06/0031.html

lists.grok.org.uk/pipermail/full-disclosure/2007-June/063767.html

secunia.com/advisories/25518

sourceforge.net/project/shownotes.php?group_id=103348&release_id=521723

www.osvdb.org/35243

www.securityfocus.com/bid/24315

exchange.xforce.ibmcloud.com/vulnerabilities/34724

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

Low

0.022 Low

EPSS

Percentile

89.4%

JSON

Related for CVE-2007-5578

cvelist1 nvd1 nessus1 prion1