Lucene search

[email protected]NVD:CVE-2007-3423

HistoryJun 26, 2007 - 11:30 p.m.

CVE-2007-3423

2007-06-2623:30:00

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.8%

JSON

cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the From field of an instant message as the beginning of the .dat file name when the (1) imview2 or (2) imview3 function reads (a) an internal IM, or a message from a (b) guest or © removed member, which has unknown impact and remote attack vectors.

Affected configurations

NVD

Node

web-app.orgwebappRange≤0.9.9.6

References

osvdb.org/45409

www.web-app.org/cgi-bin/index.cgi?action=forum&board=how_to&op=display&num=9458

www.web-app.org/downloads/WebAPPv0.9.9.7.zip

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.8%

JSON

Related for NVD:CVE-2007-3423

prion1 cvelist1 cve1