Lucene search

[email protected]CVE-2007-6459

HistoryDec 20, 2007 - 12:46 a.m.

CVE-2007-6459

2007-12-2000:46:00

CWE-94

[email protected]

web.nvd.nist.gov

anon proxy server

remote code execution

cve-2007-6459

shell metacharacters

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

High

0.054 Low

EPSS

Percentile

93.2%

JSON

Anon Proxy Server 0.100, and probably 0.101, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the host parameter to diagdns.php, and (2) the host parameter and possibly (3) the port parameter to diagconnect.php, a different vulnerability than CVE-2007-6460.

Affected configurations

NVD

Node

anon_proxy_serveranon_proxy_serverMatch0.100

CPENameOperatorVersion
anon_proxy_server:anon_proxy_serveranon proxy servereq0.100

CPE	Name	Operator	Version
anon_proxy_server:anon_proxy_server	anon proxy server	eq	0.100

References

osvdb.org/43711

osvdb.org/43712

securityreason.com/securityalert/3463

www.securityfocus.com/archive/1/485151/100/0/threaded

www.securityfocus.com/bid/26882

www.exploit-db.com/exploits/4734

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

High

0.054 Low

EPSS

Percentile

93.2%

JSON

Related for CVE-2007-6459

prion2 nvd2 cvelist2 cve1