Lucene search

[email protected]NVD:CVE-2007-6405

HistoryDec 17, 2007 - 6:46 p.m.

CVE-2007-6405

2007-12-1718:46:00

CWE-200

[email protected]

web.nvd.nist.gov

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

6.6 Medium

AI Score

Confidence

Low

0.021 Low

EPSS

Percentile

89.1%

JSON

Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier on Windows allows remote attackers to download arbitrary CGI programs or scripts via a URI with an appended (1) ‘+’ character, (2) ‘.’ character, (3) %2e sequence (hex-encoded dot), or (4) hex-encoded character greater than 0x7f. NOTE: the %20 vector is already covered by CVE-2007-3407.

Affected configurations

NVD

Node

shttpdshttpdMatch1.34

shttpdshttpdMatch1.35

shttpdshttpdMatch1.38

References

aluigi.altervista.org/adv/shttpd-adv.txt

osvdb.org/44119

securityreason.com/securityalert/3457

sourceforge.net/mailarchive/forum.php?thread_name=20071203130540.6e482c20.aluigi%40autistici.org&forum_name=shttpd-general

www.securityfocus.com/archive/1/484761/100/0/threaded

www.securityfocus.com/bid/26768

www.exploit-db.com/exploits/4700

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

6.6 Medium

AI Score

Confidence

Low

0.021 Low

EPSS

Percentile

89.1%

JSON

Related for NVD:CVE-2007-6405

prion2 cvelist2 cve2 seebug1 nvd1 openvas1 nessus1