CVE-2007-4909
WinSCP 4.0.3 - URL Protocol Handler Arbitrary File Access
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Interpretation conflict in WinSCP before 4.0.4 allows remote attackers to perform arbitrary file transfers with a remote server via file-transfer commands in the final portion of a (1) scp, and possibly a (2) sftp or (3) ftp, URL, as demonstrated by a URL specifying login to the remote server with a username of scp, which is interpreted as an HTTP scheme name by the protocol handler in a web browser, but is interpreted as a username by WinSCP. NOTE: this is related to an incomplete fix for CVE-2006-3015.
Conflicto de interpretación en WinSCP anterior a 4.0.4 permite a atacantes remotos llevar a cabo transferencias de archvios de su elección con un servidor remoto a través de comandos de transferencia de archivos en la porción final de un (1) scp, y posiblemente un (2)sftp o (3) ftp, URL, tal y como se demostró con la validación de una URL específica en un servidor remoto con un nombre de usuario de scp, el cual es interpretado como un nombre de esquema HTTP a través del manejador de protocolo del navegador web, pero este es interpretado como un nombre de usuario por WinSCP. NOTA: esto está relacionado con un parche incompleto para CVE-2006-3015.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2007-09-13 First Exploit
- 2007-09-17 CVE Reserved
- 2007-09-17 CVE Published
- 2024-08-07 CVE Updated
- 2024-11-12 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://securityreason.com/securityalert/3141 | Third Party Advisory | |
| http://winscp.cvs.sourceforge.net/winscp/winscp3/core/SessionData.cpp?r1=1.29&r2=1.30 | X_refsource_misc | |
| http://winscp.net/eng/docs/history | X_refsource_confirm | |
| http://www.securityfocus.com/archive/1/479298/100/0/threaded | Mailing List | |
| http://www.securitytracker.com/id?1018697 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/36591 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/30582 | 2007-09-13 |
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/26820 | 2018-10-15 | |
| http://www.securityfocus.com/bid/25655 | 2018-10-15 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Winscp Search vendor "Winscp" | Winscp Search vendor "Winscp" for product "Winscp" | 2.0.0 Search vendor "Winscp" for product "Winscp" and version "2.0.0" | - |
Affected
| ||||||
| Winscp Search vendor "Winscp" | Winscp Search vendor "Winscp" for product "Winscp" | 3.5.5_beta Search vendor "Winscp" for product "Winscp" and version "3.5.5_beta" | - |
Affected
| ||||||
| Winscp Search vendor "Winscp" | Winscp Search vendor "Winscp" for product "Winscp" | 3.5.6 Search vendor "Winscp" for product "Winscp" and version "3.5.6" | - |
Affected
| ||||||
| Winscp Search vendor "Winscp" | Winscp Search vendor "Winscp" for product "Winscp" | 3.6 Search vendor "Winscp" for product "Winscp" and version "3.6" | - |
Affected
| ||||||
| Winscp Search vendor "Winscp" | Winscp Search vendor "Winscp" for product "Winscp" | 3.6.1 Search vendor "Winscp" for product "Winscp" and version "3.6.1" | - |
Affected
| ||||||
| Winscp Search vendor "Winscp" | Winscp Search vendor "Winscp" for product "Winscp" | 3.6.5_beta Search vendor "Winscp" for product "Winscp" and version "3.6.5_beta" | - |
Affected
| ||||||
| Winscp Search vendor "Winscp" | Winscp Search vendor "Winscp" for product "Winscp" | 3.6.6 Search vendor "Winscp" for product "Winscp" and version "3.6.6" | - |
Affected
| ||||||
| Winscp Search vendor "Winscp" | Winscp Search vendor "Winscp" for product "Winscp" | 3.6.7 Search vendor "Winscp" for product "Winscp" and version "3.6.7" | - |
Affected
| ||||||
| Winscp Search vendor "Winscp" | Winscp Search vendor "Winscp" for product "Winscp" | 3.8.1 Search vendor "Winscp" for product "Winscp" and version "3.8.1" | - |
Affected
| ||||||
| Winscp Search vendor "Winscp" | Winscp Search vendor "Winscp" for product "Winscp" | 3.8.2 Search vendor "Winscp" for product "Winscp" and version "3.8.2" | - |
Affected
| ||||||
| Winscp Search vendor "Winscp" | Winscp Search vendor "Winscp" for product "Winscp" | 4.0.2 Search vendor "Winscp" for product "Winscp" and version "4.0.2" | - |
Affected
| ||||||
| Winscp Search vendor "Winscp" | Winscp Search vendor "Winscp" for product "Winscp" | 4.0.3 Search vendor "Winscp" for product "Winscp" and version "4.0.3" | - |
Affected
| ||||||