Lucene search

MitreCVE-2007-6314

HistoryDec 12, 2007 - 12:46 a.m.

CVE-2007-6314

2007-12-1200:46:00

CWE-20

mitre

web.nvd.nist.gov

cve-2007-6314

barracudadrive

web server

remote code disclosure

security vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.8

Confidence

Low

EPSS

0.019

Percentile

88.9%

JSON

BarracudaDrive Web Server before 3.8 allows remote attackers to read the source code for web scripts by appending a (1) + (plus), (2) . (dot), or (3) %80 and similar characters to the file name in the URL.

Affected configurations

Nvd

Node

real_time_logicbarracudadrive_web_serverMatch3.7.2

real_time_logicbarracudadrive_web_server_home_serverMatch3.7.2

VendorProductVersionCPE
real_time_logicbarracudadrive_web_server3.7.2cpe:2.3:a:real_time_logic:barracudadrive_web_server:3.7.2:*:*:*:*:*:*:*
real_time_logicbarracudadrive_web_server_home_server3.7.2cpe:2.3:a:real_time_logic:barracudadrive_web_server_home_server:3.7.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
real_time_logic	barracudadrive_web_server	3.7.2	cpe:2.3:a:real_time_logic:barracudadrive_web_server:3.7.2:::::::*
real_time_logic	barracudadrive_web_server_home_server	3.7.2	cpe:2.3:a:real_time_logic:barracudadrive_web_server_home_server:3.7.2:::::::*

References

aluigi.altervista.org/adv/barradrive-adv.txt

secunia.com/advisories/28032

securityreason.com/securityalert/3434

www.securityfocus.com/archive/1/484833/100/0/threaded

www.securityfocus.com/bid/26805

exchange.xforce.ibmcloud.com/vulnerabilities/38972

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.8

Confidence

Low

EPSS

0.019

Percentile

88.9%

JSON

Related for CVE-2007-6314