Lucene search

PRIOn knowledge basePRION:CVE-2007-2079

HistoryApr 18, 2007 - 3:19 a.m.

Buffer overflow

2007-04-1803:19:00

PRIOn knowledge base

www.prio-n.com

8.2 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.065 Low

EPSS

Percentile

93.5%

JSON

The ADONewConnection Connect function in adodb.php in XAMPP 1.6.0a and earlier for Windows uses untrusted input for the database server hostname, which allows remote attackers to trigger a library buffer overflow and execute arbitrary code via a long host parameter, or have other unspecified impact. NOTE: it could be argued that this is an issue in mssql_connect (CVE-2007-1411.1) in PHP, or an issue in the ADOdb Library, and the proper fix should be in one of these products; if so, then this should not be treated as a vulnerability in XAMPP.

CPENameOperatorVersion
apache_distributioneq<= 1.6.0a

CPE	Name	Operator	Version
	apache_distribution	eq	<= 1.6.0a

References

osvdb.org/41594

www.securityfocus.com/bid/23491

exchange.xforce.ibmcloud.com/vulnerabilities/33683

www.exploit-db.com/exploits/3738

8.2 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.065 Low

EPSS

Percentile

93.5%

JSON

Related for PRION:CVE-2007-2079