Lucene search

[email protected]CVE-2007-6405

HistoryDec 17, 2007 - 6:46 p.m.

CVE-2007-6405

2007-12-1718:46:00

CWE-200

[email protected]

web.nvd.nist.gov

cve-2007-6405

sergey lyubka

simple httpd

shttpd

windows

remote attackers

cgi

uri

security vulnerability

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

6.8 Medium

AI Score

Confidence

Low

0.021 Low

EPSS

Percentile

89.1%

JSON

Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier on Windows allows remote attackers to download arbitrary CGI programs or scripts via a URI with an appended (1) ‘+’ character, (2) ‘.’ character, (3) %2e sequence (hex-encoded dot), or (4) hex-encoded character greater than 0x7f. NOTE: the %20 vector is already covered by CVE-2007-3407.

Affected configurations

NVD

Node

shttpdshttpdMatch1.34

shttpdshttpdMatch1.35

shttpdshttpdMatch1.38

CPENameOperatorVersion
shttpd:shttpdshttpdeq1.34
shttpd:shttpdshttpdeq1.35
shttpd:shttpdshttpdeq1.38

CPE	Name	Operator	Version
shttpd:shttpd	shttpd	eq	1.34
shttpd:shttpd	shttpd	eq	1.35
shttpd:shttpd	shttpd	eq	1.38

References

aluigi.altervista.org/adv/shttpd-adv.txt

osvdb.org/44119

securityreason.com/securityalert/3457

sourceforge.net/mailarchive/forum.php?thread_name=20071203130540.6e482c20.aluigi%40autistici.org&forum_name=shttpd-general

www.securityfocus.com/archive/1/484761/100/0/threaded

www.securityfocus.com/bid/26768

www.exploit-db.com/exploits/4700

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

6.8 Medium

AI Score

Confidence

Low

0.021 Low

EPSS

Percentile

89.1%

JSON

Related for CVE-2007-6405

cvelist2 prion2 nvd2 seebug1 cve1 openvas1 nessus1