CVE-2007-5934
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The LOB functionality in PEAR MDB2 before 2.5.0a1 interprets a request to store a URL string as a request to retrieve and store the contents of the URL, which might allow remote attackers to use MDB2 as an indirect proxy or obtain sensitive information via a URL into a form field in an MDB2 application, as demonstrated by a file:// URL or a URL for an intranet web site.
La funcionalidad LOB en PEAR MDB2 anterior a 2.5.0a1 interpreta una respuesta para almacenar una cadena que contiene una URL, lo cual podría permitir a atacantes remotos utilziar MDB2 como un proxy indirecto o obtener información sensible a través de una URL dentro del campo form en una aplicaicón MDB2, como se demostró por file:// URL o una URL para un sitio web intranet.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2007-11-13 CVE Reserved
- 2007-11-13 CVE Published
- 2024-08-07 CVE Updated
- 2024-10-24 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (12)
URL | Tag | Source |
---|---|---|
http://bugs.gentoo.org/show_bug.cgi?id=198446 | X_refsource_confirm | |
http://marc.info/?l=pear-cvs&m=117823082829114&w=2 | Mailing List | |
http://osvdb.org/42107 | Vdb Entry | |
http://pear.php.net/bugs/bug.php?id=10024 | X_refsource_confirm | |
http://pear.php.net/package/MDB2/download/2.5.0a1 | X_refsource_confirm | |
http://secunia.com/advisories/27572 | Third Party Advisory | |
http://secunia.com/advisories/27626 | Third Party Advisory | |
http://secunia.com/advisories/27983 | Third Party Advisory | |
http://www.securityfocus.com/bid/26382 | Vdb Entry | |
http://www.vupen.com/english/advisories/2007/3806 | Vdb Entry |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://security.gentoo.org/glsa/glsa-200712-05.xml | 2011-03-08 | |
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00434.html | 2011-03-08 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Pear Search vendor "Pear" | Structures Datagrid Datasource Mdb2 Search vendor "Pear" for product "Structures Datagrid Datasource Mdb2" | <= 2.5.0 Search vendor "Pear" for product "Structures Datagrid Datasource Mdb2" and version " <= 2.5.0" | - |
Affected
|