Lucene search

K

[email protected]NVD:CVE-2007-4337

HistoryAug 14, 2007 - 6:17 p.m.

CVE-2007-4337

2007-08-1418:17:00

CWE-119

[email protected]

web.nvd.nist.gov

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

7.5 High

AI Score

Confidence

Low

0.279 Low

EPSS

Percentile

96.9%

Multiple buffer overflows in the httplib_parse_sc_header function in lib/http.c in Streamripper before 1.62.2 allow remote attackers to execute arbitrary code via long (1) Location and (2) Server HTTP headers, a different vulnerability than CVE-2006-3124.

Affected configurations

NVD

Node

streamripperstreamripperMatch1.61.1

OR

streamripperstreamripperMatch1.61.17

OR

streamripperstreamripperMatch1.61.24

OR

streamripperstreamripperMatch1.61.25

OR

streamripperstreamripperMatch1.61.26

OR

streamripperstreamripperMatch1.62

References

osvdb.org/39533

secunia.com/advisories/26406

secunia.com/advisories/26814

secunia.com/advisories/33052

secunia.com/advisories/33061

security.gentoo.org/glsa/glsa-200709-03.xml

sourceforge.net/project/shownotes.php?group_id=6172&release_id=531738

streamripper.cvs.sourceforge.net/streamripper/sripper_1x/lib/http.c?r1=1.38&r2=1.39

www.debian.org/security/2008/dsa-1683

www.securityfocus.com/archive/1/476302/100/0/threaded

www.securityfocus.com/bid/25278

www.securitytracker.com/id?1018553

www.vupen.com/english/advisories/2007/2858

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

7.5 High

AI Score

Confidence

Low

0.279 Low

EPSS

Percentile

96.9%

Related for NVD:CVE-2007-4337

cve2 prion1 ubuntucve2 cvelist2 debiancve2 gentoo2 openvas8 nvd1 debian2 nessus4 securityvulns2 osv1