Lucene search

[email protected]NVD:CVE-2007-6383

HistoryDec 15, 2007 - 2:46 a.m.

CVE-2007-6383

2007-12-1502:46:00

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

AI Score

6.4

Confidence

Low

EPSS

0.002

Percentile

55.7%

JSON

The DAV component in Chandler Server (Cosmo) before 0.10.1 does not check resource creation permissions, which allows remote authenticated users to create arbitrary resources in another user’s home collection.

Affected configurations

Nvd

Node

chandler_projectchandler_serverRange≤0.10

VendorProductVersionCPE
chandler_projectchandler_server*cpe:2.3:a:chandler_project:chandler_server:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
chandler_project	chandler_server	*	cpe:2.3:a:chandler_project:chandler_server::::::::

References

lists.osafoundation.org/pipermail/cosmo-dev/2007-December/005442.html

osvdb.org/44152

www.vupen.com/english/advisories/2007/4214

bugzilla.osafoundation.org/show_bug.cgi?id=11587

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

AI Score

6.4

Confidence

Low

EPSS

0.002

Percentile

55.7%

JSON

Related for NVD:CVE-2007-6383

prion1 cvelist1 cve1