{"href": "https://vulners.com/osvdb/OSVDB:38083", "id": "OSVDB:38083", "reporter": "OSVDB", "published": "2007-07-12T18:22:38", "description": "## Solution Description\nUpgrade to version 0.6.21 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\n[Secunia Advisory ID:26000](https://secuniaresearch.flexerasoftware.com/advisories/26000/)\n[CVE-2007-3714](https://vulners.com/cve/CVE-2007-3714)\nBugtraq ID: 24853\n", "title": "ImgSvr Default URI template Variable Traversal Arbitrary File Access", "lastseen": "2017-04-28T13:20:34", "bulletinFamily": "software", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "references": [], "edition": 1, "cvelist": ["CVE-2007-3714"], "affectedSoftware": [], "viewCount": 1, "enchantments": {"score": {"value": 5.5, "vector": "NONE", "modified": "2017-04-28T13:20:34", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-3714"]}, {"type": "exploitdb", "idList": ["EDB-ID:30286"]}], "modified": "2017-04-28T13:20:34", "rev": 2}, "vulnersScore": 5.5}, "modified": "2007-07-12T18:22:38"}

{"cve": [{"lastseen": "2021-02-02T05:31:25", "description": "Directory traversal vulnerability in Ada Image Server (ImgSvr) 0.6.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter to the default URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this is probably a different issue than CVE-2004-2464. NOTE: it was later reported that 0.6.21 and earlier is also affected.", "edition": 4, "cvss3": {}, "published": "2007-07-11T23:30:00", "title": "CVE-2007-3714", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-3714"], "modified": "2018-10-15T21:29:00", "cpe": ["cpe:/a:ada:imgsvr:0.6.5"], "id": "CVE-2007-3714", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3714", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:ada:imgsvr:0.6.5:*:*:*:*:*:*:*"]}], "exploitdb": [{"lastseen": "2016-02-03T12:08:11", "description": "ImgSvr 0.6 Template Parameter Local File Include Vulnerability. CVE-2007-3714. Remote exploit for linux platform", "published": "2007-07-10T00:00:00", "type": "exploitdb", "title": "ImgSvr 0.6 Template Parameter Local File Include Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-3714"], "modified": "2007-07-10T00:00:00", "id": "EDB-ID:30286", "href": "https://www.exploit-db.com/exploits/30286/", "sourceData": "source: http://www.securityfocus.com/bid/24853/info\r\n\r\nImgSvr is prone to a local file-include vulnerability because it fails to sanitize user-supplied input.\r\n\r\nAttackers may exploit this issue to access files that may contain sensitive information.\r\n\r\nUPDATE (December 24, 2007): According to the vendor, this issue was addressed in ImgSvr 0.6.21. However, reports indicate that this version is still vulnerable.\r\n\r\nGET /?template=../../../../../../../../../../etc/passwd HTTP/1.0 ", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/30286/"}]}