CVE-2007-6383

2007-12-1502:00:00

mitre

www.cve.org

AI Score

6.4

Confidence

Low

EPSS

0.002

Percentile

55.7%

JSON

The DAV component in Chandler Server (Cosmo) before 0.10.1 does not check resource creation permissions, which allows remote authenticated users to create arbitrary resources in another user’s home collection.

References

lists.osafoundation.org/pipermail/cosmo-dev/2007-December/005442.html

osvdb.org/44152

www.vupen.com/english/advisories/2007/4214

bugzilla.osafoundation.org/show_bug.cgi?id=11587