Lucene search

MitreCVE-2008-1617

HistoryApr 08, 2008 - 6:05 p.m.

CVE-2008-1617

2008-04-0818:05:00

CWE-189

mitre

web.nvd.nist.gov

cve-2008-1617

web transferctrl

vulnerability

remote code execution

worksite web 8.2

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.6

Confidence

High

EPSS

0.043

Percentile

92.3%

JSON

Double free vulnerability in Web TransferCtrl Class 8,2,1,4 (iManFile.cab), as used in WorkSite Web 8.2 before SP1 P2, allows remote attackers to execute arbitrary code via JavaScript that sets the Server property to a string, then sets the string to null.

Affected configurations

Nvd

Node

interwovenworksite_webRange≤8.2

VendorProductVersionCPE
interwovenworksite_web*cpe:2.3:a:interwoven:worksite_web:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
interwoven	worksite_web	*	cpe:2.3:a:interwoven:worksite_web::::::::

References

secunia.com/advisories/29733

www.mwrinfosecurity.com/publications/mwri_interwoven-worksite-activex-control-remote-code-execution_2008-03-10.pdf

www.securityfocus.com/bid/28628

www.vupen.com/english/advisories/2008/1134/references

exchange.xforce.ibmcloud.com/vulnerabilities/41699

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.6

Confidence

High

EPSS

0.043

Percentile

92.3%

JSON

Related for CVE-2008-1617