cvelistv5 - cve-2007-4465

CVE-2007-4465 (GCVE-0-2007-4465)

Vulnerability from cvelistv5

Published

2007-09-14 00:00

Modified

2025-01-17 14:50

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE

Summary

Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.

References

URL

Tags

	http://www.redhat.com/support/errata/RHSA-2008-0005.html	vendor-advisory, x_refsource_REDHAT
	http://securityreason.com/securityalert/3113	third-party-advisory, x_refsource_SREASON
	http://secunia.com/advisories/28749	third-party-advisory, x_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6089	vdb-entry, signature, x_refsource_OVAL
	http://marc.info/?l=bugtraq&m=125631037611762&w=2	vendor-advisory, x_refsource_HP
	http://secunia.com/advisories/26952	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/31651	third-party-advisory, x_refsource_SECUNIA
	http://marc.info/?l=bugtraq&m=124654546101607&w=2	vendor-advisory, x_refsource_HP
	http://www.securityfocus.com/bid/25653	vdb-entry, x_refsource_BID
	http://secunia.com/advisories/27563	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/27732	third-party-advisory, x_refsource_SECUNIA
	http://securitytracker.com/id?1019194	vdb-entry, x_refsource_SECTRACK
	http://www.redhat.com/support/errata/RHSA-2007-0911.html	vendor-advisory, x_refsource_REDHAT
	http://www.redhat.com/support/errata/RHSA-2008-0006.html	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/archive/1/479237/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10929	vdb-entry, signature, x_refsource_OVAL
	http://marc.info/?l=bugtraq&m=125631037611762&w=2	vendor-advisory, x_refsource_HP
	http://www.us-cert.gov/cas/techalerts/TA08-150A.html	third-party-advisory, x_refsource_CERT
	http://www.novell.com/linux/security/advisories/2007_61_apache2.html	vendor-advisory, x_refsource_SUSE
	http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html	vendor-advisory, x_refsource_FEDORA
	http://www.redhat.com/support/errata/RHSA-2008-0008.html	vendor-advisory, x_refsource_REDHAT
	http://www.mandriva.com/security/advisories?name=MDVSA-2008:014	vendor-advisory, x_refsource_MANDRIVA
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432	vendor-advisory, x_refsource_HP
	http://secunia.com/advisories/30430	third-party-advisory, x_refsource_SECUNIA
	http://www.apache.org/dist/httpd/CHANGES_2.2.6	x_refsource_CONFIRM
	http://lists.apple.com/archives/security-announce/2008//May/msg00001.html	vendor-advisory, x_refsource_APPLE
	http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm	x_refsource_CONFIRM
	http://secunia.com/advisories/33105	third-party-advisory, x_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilities/36586	vdb-entry, x_refsource_XF
	http://secunia.com/advisories/28467	third-party-advisory, x_refsource_SECUNIA
	http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2008-0004.html	vendor-advisory, x_refsource_REDHAT
	http://secunia.com/advisories/28607	third-party-advisory, x_refsource_SECUNIA
	http://security.gentoo.org/glsa/glsa-200711-06.xml	vendor-advisory, x_refsource_GENTOO
	http://marc.info/?l=bugtraq&m=124654546101607&w=2	vendor-advisory, x_refsource_HP
	https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00353.html	vendor-advisory, x_refsource_FEDORA
	http://secunia.com/advisories/28471	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2008/1697	vdb-entry, x_refsource_VUPEN
	http://securityreason.com/achievement_securityalert/46	third-party-advisory, x_refsource_SREASONRES
	http://www.redhat.com/support/errata/RHSA-2008-0261.html	vendor-advisory, x_refsource_REDHAT
	http://www.ubuntu.com/usn/usn-575-1	vendor-advisory, x_refsource_UBUNTU
	http://secunia.com/advisories/26842	third-party-advisory, x_refsource_SECUNIA
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432	vendor-advisory, x_refsource_HP
	http://secunia.com/advisories/35650	third-party-advisory, x_refsource_SECUNIA
	http://bugs.gentoo.org/show_bug.cgi?id=186219	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:53:56.077Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2008:0005",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0005.html"
          },
          {
            "name": "3113",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3113"
          },
          {
            "name": "28749",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28749"
          },
          {
            "name": "oval:org.mitre.oval:def:6089",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6089"
          },
          {
            "name": "HPSBUX02465",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
          },
          {
            "name": "26952",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26952"
          },
          {
            "name": "31651",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31651"
          },
          {
            "name": "SSRT090085",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
          },
          {
            "name": "25653",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/25653"
          },
          {
            "name": "27563",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27563"
          },
          {
            "name": "27732",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27732"
          },
          {
            "name": "1019194",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1019194"
          },
          {
            "name": "RHSA-2007:0911",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0911.html"
          },
          {
            "name": "RHSA-2008:0006",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0006.html"
          },
          {
            "name": "20070912 Apache2 Undefined Charset UTF-7 XSS Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/479237/100/0/threaded"
          },
          {
            "name": "oval:org.mitre.oval:def:10929",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10929"
          },
          {
            "name": "SSRT090192",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
          },
          {
            "name": "TA08-150A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
          },
          {
            "name": "SUSE-SA:2007:061",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2007_61_apache2.html"
          },
          {
            "name": "FEDORA-2007-2214",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html"
          },
          {
            "name": "RHSA-2008:0008",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0008.html"
          },
          {
            "name": "MDVSA-2008:014",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:014"
          },
          {
            "name": "HPSBUX02365",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432"
          },
          {
            "name": "30430",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30430"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.apache.org/dist/httpd/CHANGES_2.2.6"
          },
          {
            "name": "APPLE-SA-2008-05-28",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm"
          },
          {
            "name": "33105",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33105"
          },
          {
            "name": "apache-utf7-xss(36586)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36586"
          },
          {
            "name": "28467",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28467"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html"
          },
          {
            "name": "RHSA-2008:0004",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0004.html"
          },
          {
            "name": "28607",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28607"
          },
          {
            "name": "GLSA-200711-06",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200711-06.xml"
          },
          {
            "name": "HPSBUX02431",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
          },
          {
            "name": "FEDORA-2007-707",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00353.html"
          },
          {
            "name": "28471",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28471"
          },
          {
            "name": "ADV-2008-1697",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1697"
          },
          {
            "name": "20070912 Apache2 Undefined Charset UTF-7 XSS Vulnerability",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASONRES",
              "x_transferred"
            ],
            "url": "http://securityreason.com/achievement_securityalert/46"
          },
          {
            "name": "RHSA-2008:0261",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
          },
          {
            "name": "USN-575-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-575-1"
          },
          {
            "name": "26842",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26842"
          },
          {
            "name": "SSRT080118",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432"
          },
          {
            "name": "35650",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35650"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.gentoo.org/show_bug.cgi?id=186219"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.1,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2007-4465",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-01-05T17:42:37.598591Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-79",
                "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-17T14:50:38.126Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-09-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset.  NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2008:0005",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0005.html"
        },
        {
          "name": "3113",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3113"
        },
        {
          "name": "28749",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28749"
        },
        {
          "name": "oval:org.mitre.oval:def:6089",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6089"
        },
        {
          "name": "HPSBUX02465",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
        },
        {
          "name": "26952",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26952"
        },
        {
          "name": "31651",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31651"
        },
        {
          "name": "SSRT090085",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
        },
        {
          "name": "25653",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/25653"
        },
        {
          "name": "27563",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27563"
        },
        {
          "name": "27732",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27732"
        },
        {
          "name": "1019194",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1019194"
        },
        {
          "name": "RHSA-2007:0911",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0911.html"
        },
        {
          "name": "RHSA-2008:0006",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0006.html"
        },
        {
          "name": "20070912 Apache2 Undefined Charset UTF-7 XSS Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/479237/100/0/threaded"
        },
        {
          "name": "oval:org.mitre.oval:def:10929",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10929"
        },
        {
          "name": "SSRT090192",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
        },
        {
          "name": "TA08-150A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
        },
        {
          "name": "SUSE-SA:2007:061",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2007_61_apache2.html"
        },
        {
          "name": "FEDORA-2007-2214",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html"
        },
        {
          "name": "RHSA-2008:0008",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0008.html"
        },
        {
          "name": "MDVSA-2008:014",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:014"
        },
        {
          "name": "HPSBUX02365",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432"
        },
        {
          "name": "30430",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30430"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.apache.org/dist/httpd/CHANGES_2.2.6"
        },
        {
          "name": "APPLE-SA-2008-05-28",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm"
        },
        {
          "name": "33105",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33105"
        },
        {
          "name": "apache-utf7-xss(36586)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36586"
        },
        {
          "name": "28467",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28467"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html"
        },
        {
          "name": "RHSA-2008:0004",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0004.html"
        },
        {
          "name": "28607",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28607"
        },
        {
          "name": "GLSA-200711-06",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200711-06.xml"
        },
        {
          "name": "HPSBUX02431",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
        },
        {
          "name": "FEDORA-2007-707",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00353.html"
        },
        {
          "name": "28471",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28471"
        },
        {
          "name": "ADV-2008-1697",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1697"
        },
        {
          "name": "20070912 Apache2 Undefined Charset UTF-7 XSS Vulnerability",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASONRES"
          ],
          "url": "http://securityreason.com/achievement_securityalert/46"
        },
        {
          "name": "RHSA-2008:0261",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
        },
        {
          "name": "USN-575-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-575-1"
        },
        {
          "name": "26842",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26842"
        },
        {
          "name": "SSRT080118",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432"
        },
        {
          "name": "35650",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35650"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.gentoo.org/show_bug.cgi?id=186219"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-4465",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset.  NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2008:0005",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0005.html"
            },
            {
              "name": "3113",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3113"
            },
            {
              "name": "28749",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28749"
            },
            {
              "name": "oval:org.mitre.oval:def:6089",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6089"
            },
            {
              "name": "HPSBUX02465",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
            },
            {
              "name": "26952",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26952"
            },
            {
              "name": "31651",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31651"
            },
            {
              "name": "SSRT090085",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
            },
            {
              "name": "25653",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/25653"
            },
            {
              "name": "27563",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27563"
            },
            {
              "name": "27732",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27732"
            },
            {
              "name": "1019194",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1019194"
            },
            {
              "name": "RHSA-2007:0911",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0911.html"
            },
            {
              "name": "RHSA-2008:0006",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0006.html"
            },
            {
              "name": "20070912 Apache2 Undefined Charset UTF-7 XSS Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/479237/100/0/threaded"
            },
            {
              "name": "oval:org.mitre.oval:def:10929",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10929"
            },
            {
              "name": "SSRT090192",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
            },
            {
              "name": "TA08-150A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
            },
            {
              "name": "SUSE-SA:2007:061",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2007_61_apache2.html"
            },
            {
              "name": "FEDORA-2007-2214",
              "refsource": "FEDORA",
              "url": "http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html"
            },
            {
              "name": "RHSA-2008:0008",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0008.html"
            },
            {
              "name": "MDVSA-2008:014",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:014"
            },
            {
              "name": "HPSBUX02365",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432"
            },
            {
              "name": "30430",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30430"
            },
            {
              "name": "http://www.apache.org/dist/httpd/CHANGES_2.2.6",
              "refsource": "CONFIRM",
              "url": "http://www.apache.org/dist/httpd/CHANGES_2.2.6"
            },
            {
              "name": "APPLE-SA-2008-05-28",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm"
            },
            {
              "name": "33105",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33105"
            },
            {
              "name": "apache-utf7-xss(36586)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36586"
            },
            {
              "name": "28467",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28467"
            },
            {
              "name": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html",
              "refsource": "CONFIRM",
              "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html"
            },
            {
              "name": "RHSA-2008:0004",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0004.html"
            },
            {
              "name": "28607",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28607"
            },
            {
              "name": "GLSA-200711-06",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200711-06.xml"
            },
            {
              "name": "HPSBUX02431",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
            },
            {
              "name": "FEDORA-2007-707",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00353.html"
            },
            {
              "name": "28471",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28471"
            },
            {
              "name": "ADV-2008-1697",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1697"
            },
            {
              "name": "20070912 Apache2 Undefined Charset UTF-7 XSS Vulnerability",
              "refsource": "SREASONRES",
              "url": "http://securityreason.com/achievement_securityalert/46"
            },
            {
              "name": "RHSA-2008:0261",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
            },
            {
              "name": "USN-575-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-575-1"
            },
            {
              "name": "26842",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26842"
            },
            {
              "name": "SSRT080118",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432"
            },
            {
              "name": "35650",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35650"
            },
            {
              "name": "http://bugs.gentoo.org/show_bug.cgi?id=186219",
              "refsource": "CONFIRM",
              "url": "http://bugs.gentoo.org/show_bug.cgi?id=186219"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-4465",
    "datePublished": "2007-09-14T00:00:00.000Z",
    "dateReserved": "2007-08-21T00:00:00.000Z",
    "dateUpdated": "2025-01-17T14:50:38.126Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2008-AVI-278

Vulnerability from certfr_avis

Plusieurs vulnérabilités concernant le système d'exploitation Apple Mac OS X ont été identifiées. L'exploitation de ces dernières peut avoir plusieurs conséquences, dont des exécutions de codes arbitraires à distance.

Description

Plusieurs vulnérabilités concernant le système d'exploitation Apple Mac OS X ont été identifiées :

le serveur AFP (Apple Filing Protocol) ne vérifie pas correctement la cohérence d'accès entre répertoires et fichiers.
le serveur Apache est mis à jour en 2.0.63 pour les versions Mac OS X Server v10.4.x ; nouvelle version qui corrige des vulnérabilités permettant des attaques par injection de code indirecte ;
l'impression d'un document PDF spécialement construit par ATS peut provoquer l'exécution de code arbitraire ;
l'impression de documents via CUPS à destination d'une imprimante peut permettre sous certaines conditions de récupérer des informations sensibles, y compris si une protection par mot de passe est déployée ;
des vulnérabilités dans le module Flash Player sont corrigées (cf. CERTA-2008-AVI-197) ;
les vulnérabilités détaillées dans l'alerte CERTA-2008-ALE-007 concernant iCal sont corrigées ;
etc.

Solution

Se référer au bulletin de sécurité Apple pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apple	N/A	Apple Mac 0S X versions v10.4.x.
	Apple	N/A	Apple Mac OS X version v10.5.x ;

References

Title

Publication Time

Tags

Mises à jour de sécurité Apple 2008-003 du 28 mai 2008	None	vendor-advisory
Alerte CERTA-2008-ALE-007, « Multiples vulnérabilités dans Apple Ical », du 23 mai 2008 :	-	other
Détails de la mise à jour de sécurité 2008-003 / Mac OS X 10.5.3 :	-	other
Bulletin de sécurité Apple 106704 du 28 mai 2008 :	-	other
Tableau récapitulatif des mises à jour de sécurité pour Mac OS X :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apple Mac 0S X versions v10.4.x.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple Mac OS X version v10.5.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s concernant le syst\u00e8me d\u0027exploitation Apple Mac\nOS X ont \u00e9t\u00e9 identifi\u00e9es :\n\n-   le serveur AFP (Apple Filing Protocol) ne v\u00e9rifie pas correctement\n    la coh\u00e9rence d\u0027acc\u00e8s entre r\u00e9pertoires et fichiers.\n-   le serveur Apache est mis \u00e0 jour en 2.0.63 pour les versions Mac OS\n    X Server v10.4.x ; nouvelle version qui corrige des vuln\u00e9rabilit\u00e9s\n    permettant des attaques par injection de code indirecte ;\n-   l\u0027impression d\u0027un document PDF sp\u00e9cialement construit par ATS peut\n    provoquer l\u0027ex\u00e9cution de code arbitraire ;\n-   l\u0027impression de documents via CUPS \u00e0 destination d\u0027une imprimante\n    peut permettre sous certaines conditions de r\u00e9cup\u00e9rer des\n    informations sensibles, y compris si une protection par mot de passe\n    est d\u00e9ploy\u00e9e ;\n-   des vuln\u00e9rabilit\u00e9s dans le module Flash Player sont corrig\u00e9es (cf.\n    CERTA-2008-AVI-197) ;\n-   les vuln\u00e9rabilit\u00e9s d\u00e9taill\u00e9es dans l\u0027alerte CERTA-2008-ALE-007\n    concernant iCal sont corrig\u00e9es ;\n-   etc.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 Apple pour l\u0027obtention des correctifs\n(cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-1574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1574"
    },
    {
      "name": "CVE-2008-1032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1032"
    },
    {
      "name": "CVE-2007-3847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3847"
    },
    {
      "name": "CVE-2008-1572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1572"
    },
    {
      "name": "CVE-2008-1655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1655"
    },
    {
      "name": "CVE-2006-3747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3747"
    },
    {
      "name": "CVE-2007-5000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5000"
    },
    {
      "name": "CVE-2008-1575",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1575"
    },
    {
      "name": "CVE-2008-1031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1031"
    },
    {
      "name": "CVE-2008-1571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1571"
    },
    {
      "name": "CVE-2008-1027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1027"
    },
    {
      "name": "CVE-2008-1577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1577"
    },
    {
      "name": "CVE-2008-1576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1576"
    },
    {
      "name": "CVE-2008-1035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1035"
    },
    {
      "name": "CVE-2007-6612",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6612"
    },
    {
      "name": "CVE-2005-3357",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-3357"
    },
    {
      "name": "CVE-2008-1573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1573"
    },
    {
      "name": "CVE-2008-1036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1036"
    },
    {
      "name": "CVE-2008-1028",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1028"
    },
    {
      "name": "CVE-2007-5267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5267"
    },
    {
      "name": "CVE-2007-5268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5268"
    },
    {
      "name": "CVE-2008-1033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1033"
    },
    {
      "name": "CVE-2007-6019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6019"
    },
    {
      "name": "CVE-2007-5275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5275"
    },
    {
      "name": "CVE-2008-1030",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1030"
    },
    {
      "name": "CVE-2008-1578",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1578"
    },
    {
      "name": "CVE-2008-1034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1034"
    },
    {
      "name": "CVE-2007-5269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5269"
    },
    {
      "name": "CVE-2008-0177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0177"
    },
    {
      "name": "CVE-2007-6243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6243"
    },
    {
      "name": "CVE-2008-1579",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1579"
    },
    {
      "name": "CVE-2008-1580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1580"
    },
    {
      "name": "CVE-2007-6359",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6359"
    },
    {
      "name": "CVE-2008-1654",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1654"
    },
    {
      "name": "CVE-2005-3352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-3352"
    },
    {
      "name": "CVE-2007-0071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0071"
    },
    {
      "name": "CVE-2007-4465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4465"
    },
    {
      "name": "CVE-2007-6388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6388"
    },
    {
      "name": "CVE-2007-1863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1863"
    }
  ],
  "initial_release_date": "2008-05-29T00:00:00",
  "last_revision_date": "2008-05-29T00:00:00",
  "links": [
    {
      "title": "Alerte CERTA-2008-ALE-007, \u00ab Multiples vuln\u00e9rabilit\u00e9s dans    Apple Ical \u00bb, du 23 mai 2008 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2008-ALE-007/"
    },
    {
      "title": "D\u00e9tails de la mise \u00e0 jour de s\u00e9curit\u00e9 2008-003 / Mac OS X    10.5.3 :",
      "url": "http://support.apple.com/kb/HT1897"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 106704 du 28 mai 2008 :",
      "url": "http://docs.info.apple.com/article.html?artnum=106704"
    },
    {
      "title": "Tableau r\u00e9capitulatif des mises \u00e0 jour de s\u00e9curit\u00e9 pour Mac    OS X :",
      "url": "http://support.apple.com/kb/HT1222?viewlocale=fr_FR"
    }
  ],
  "reference": "CERTA-2008-AVI-278",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-05-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s concernant le syst\u00e8me d\u0027exploitation Apple Mac\nOS X ont \u00e9t\u00e9 identifi\u00e9es. L\u0027exploitation de ces derni\u00e8res peut avoir\nplusieurs cons\u00e9quences, dont des ex\u00e9cutions de codes arbitraires \u00e0\ndistance.\n",
  "title": "Mutliples vuln\u00e9rabilit\u00e9s dans Apple Mac OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Mises \u00e0 jour de s\u00e9curit\u00e9 Apple 2008-003 du 28 mai 2008",
      "url": null
    }
  ]
}

CERTA-2007-AVI-339

Vulnerability from certfr_avis

Plusieurs vulnérabilités sont présentes dans Apache et permettent à un utilisateur local de provoquer un déni de service et à un utilisateur distant de conduire une attaque de type « Cross-Site Scripting ».

Description

Trois vulnérabilités ont été identifiées dans le serveur web Apache :

Une première faille dans les modules mod_status et mod_autoindex permet à un utilisateur distant de conduire une attaque de type « Cross-Site Scripting » ;
une seconde dans le composant MPM (Multi-Processing Module) des versions 2.x de Apache permet à un utilisateur local au serveur de provoquer un arrêt inopiné de Apache ;
une dernière vulnérabilité dans le module mod_cache permet à un utilisateur malintentionné distant de provoquer un arrêt de certains processus fils de Apache. Si le composant MPM (Multi-Processing Module) est utilisé, il est possible de provoquer un arrêt complet de Apache.

Solution

Se référer aux bulletins de sécurité des éditeurs pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apache	N/A	Apache versions 1.3.37 et antérieures ;
Apache	N/A	Apache versions 2.2.4 et antérieures.
Apache	N/A	Apache versions 2.0.59 et antérieures ;

References

Title

Publication Time

Tags

Bulletin de sécurité Apache du 31 juillet 2007	None	vendor-advisory
Bulletin de sécurité RedHat RHSA-2007:0662 du 26 juillet 2007 :	-	other
Bulletins de sécurité Apache du 31 juillet 2007 :	-	other
Bulletin de sécurité RedHat RHSA-2007:0533 du 26 juillet 2007 :	-	other
Bulletin de sécurité RedHat RHSA-2007:0556 du 26 juillet 2007 :	-	other
Bulletin de sécurité Mandriva MDKSA-2007:141 du 04 juillet 2007 :	-	other
Bulletins de sécurité Apache du 31 juillet 2007 :	-	other
Bulletin de sécurité RedHat RHSA-2007:0534 du 26 juillet 2007 :	-	other
Bulletins de sécurité Apache du 31 juillet 2007 :	-	other
Bulletin de sécurité Ubuntu USN-499-1 du 16 août 2007 :	-	other
Bulletin de sécurité Mandriva MDKSA-2007:140 du 04 juillet 2007 :	-	other
Bulletin de sécurité Gentoo GLSA-200711-06 du 07 novembre 2007 :	-	other
Bulletin de sécurité Mandriva MDKSA-2007:142 du 04 juillet 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apache versions 1.3.37 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apache",
          "scada": false
        }
      }
    },
    {
      "description": "Apache versions 2.2.4 et ant\u00e9rieures.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apache",
          "scada": false
        }
      }
    },
    {
      "description": "Apache versions 2.0.59 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apache",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nTrois vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le serveur web Apache :\n\n-   Une premi\u00e8re faille dans les modules mod_status et mod_autoindex\n    permet \u00e0 un utilisateur distant de conduire une attaque de type \u00ab\n    Cross-Site Scripting \u00bb ;\n-   une seconde dans le composant MPM (Multi-Processing Module) des\n    versions 2.x de Apache permet \u00e0 un utilisateur local au serveur de\n    provoquer un arr\u00eat inopin\u00e9 de Apache ;\n-   une derni\u00e8re vuln\u00e9rabilit\u00e9 dans le module mod_cache permet \u00e0 un\n    utilisateur malintentionn\u00e9 distant de provoquer un arr\u00eat de certains\n    processus fils de Apache. Si le composant MPM (Multi-Processing\n    Module) est utilis\u00e9, il est possible de provoquer un arr\u00eat complet\n    de Apache.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 des \u00e9diteurs pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-3304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3304"
    },
    {
      "name": "CVE-2007-4465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4465"
    },
    {
      "name": "CVE-2007-1863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1863"
    },
    {
      "name": "CVE-2006-5752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-5752"
    }
  ],
  "initial_release_date": "2007-08-01T00:00:00",
  "last_revision_date": "2007-11-07T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2007:0662 du 26 juillet    2007 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2007-0662.html"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 Apache du 31 juillet 2007 :",
      "url": "http://httpd.apache.org/security/vulnerabilities_20.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2007:0533 du 26 juillet    2007 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2007-0533.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2007:0556 du 26 juillet    2007 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2007-0556.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2007:141 du 04 juillet    2007 :",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:141"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 Apache du 31 juillet 2007 :",
      "url": "http://httpd.apache.org/security/vulnerabilities_13.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2007:0534 du 26 juillet    2007 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2007-0534.html"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 Apache du 31 juillet 2007 :",
      "url": "http://httpd.apache.org/security/vulnerabilities_22.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-499-1 du 16 ao\u00fbt 2007 :",
      "url": "http://www.ubuntu.com/usn/usn-499-1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2007:140 du 04 juillet    2007 :",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:140"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA-200711-06 du 07 novembre    2007 :",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200711-06.xml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2007:142 du 04 juillet    2007 :",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:142"
    }
  ],
  "reference": "CERTA-2007-AVI-339",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-08-01T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 Ubuntu.",
      "revision_date": "2007-08-22T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence CVE-2007-4465 et de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 Gentoo.",
      "revision_date": "2007-11-07T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans Apache et permettent \u00e0 un\nutilisateur local de provoquer un d\u00e9ni de service et \u00e0 un utilisateur\ndistant de conduire une attaque de type \u003cspan class=\"textit\"\u003e\u00ab\nCross-Site Scripting \u00bb\u003c/span\u003e.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apache",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apache du 31 juillet 2007",
      "url": null
    }
  ]
}

CERTA-2009-AVI-257

Vulnerability from certfr_avis

Plusieurs vulnérabilités de HP-UX Apache Web Server Suite permettent de réaliser un déni de service à distance et d'exécuter du code arbitraire à distance.

Description

De multiples vulnérabilités liées au langage PHP, au serveur Web Apache et aux moteurs de servlet basés sur celui de Tomcat permettent à un individu distant de réaliser un déni de service ou d'exécuter du code arbitraire. Ces vulnérabilités ont été décrites dans les avis précédents du CERTA.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apache	N/A	Apache Web Server Suite versions antérieures à v3.05 (HP-UX 11iv2 et 11iv3) ;
	Apache	N/A	Apache Web Server Suite versions antérieures à v2.25 (HP-UX 11iv1).

References

Title

Publication Time

Tags

Bulletin de sécurité HP c01756421 du 29 juin 2009	None	vendor-advisory
Avis CERTA-2008-AVI-417 du 08 août 2008 :	-	other
Avis CERTA-2008-AVI-225 du 02 mai 2008 :	-	other
Avis CERTA-2008-AVI-011 du 09 janvier 2008 :	-	other
Avis CERTA-2009-AVI-083 du 03 mars 2009 :	-	other
Avis CERTA-2007-AVI-339 du 08 novembre 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apache Web Server Suite versions ant\u00e9rieures \u00e0 v3.05 (HP-UX 11iv2 et 11iv3) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apache",
          "scada": false
        }
      }
    },
    {
      "description": "Apache Web Server Suite versions ant\u00e9rieures \u00e0 v2.25 (HP-UX 11iv1).",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apache",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s li\u00e9es au langage PHP, au serveur Web Apache\net aux moteurs de servlet bas\u00e9s sur celui de Tomcat permettent \u00e0 un\nindividu distant de r\u00e9aliser un d\u00e9ni de service ou d\u0027ex\u00e9cuter du code\narbitraire. Ces vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9crites dans les avis pr\u00e9c\u00e9dents\ndu CERTA.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-5557",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5557"
    },
    {
      "name": "CVE-2008-5625",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5625"
    },
    {
      "name": "CVE-2008-0005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0005"
    },
    {
      "name": "CVE-2008-3660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3660"
    },
    {
      "name": "CVE-2008-2168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2168"
    },
    {
      "name": "CVE-2008-2371",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2371"
    },
    {
      "name": "CVE-2008-3959",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3959"
    },
    {
      "name": "CVE-2008-5498",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5498"
    },
    {
      "name": "CVE-2008-2829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2829"
    },
    {
      "name": "CVE-2008-0599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0599"
    },
    {
      "name": "CVE-2008-2665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2665"
    },
    {
      "name": "CVE-2008-2666",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2666"
    },
    {
      "name": "CVE-2008-5624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5624"
    },
    {
      "name": "CVE-2008-5658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5658"
    },
    {
      "name": "CVE-2007-4465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4465"
    }
  ],
  "initial_release_date": "2009-06-30T00:00:00",
  "last_revision_date": "2009-06-30T00:00:00",
  "links": [
    {
      "title": "Avis CERTA-2008-AVI-417 du 08 ao\u00fbt 2008 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2008-AVI-417"
    },
    {
      "title": "Avis CERTA-2008-AVI-225 du 02 mai 2008 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2008-AVI-225"
    },
    {
      "title": "Avis CERTA-2008-AVI-011 du 09 janvier 2008 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2008-AVI-011"
    },
    {
      "title": "Avis CERTA-2009-AVI-083 du 03 mars 2009 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2009-AVI-083"
    },
    {
      "title": "Avis CERTA-2007-AVI-339 du 08 novembre 2007 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2007-AVI-339"
    }
  ],
  "reference": "CERTA-2009-AVI-257",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-06-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s de \u003cspan class=\"textit\"\u003eHP-UX Apache Web Server\nSuite\u003c/span\u003e permettent de r\u00e9aliser un d\u00e9ni de service \u00e0 distance et\nd\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9 de HP-UX Apache Web Server Suite",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 HP c01756421 du 29 juin 2009",
      "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c01756421"
    }
  ]
}

cve-2007-4465

Vulnerability from jvndb

Published

2008-05-21 00:00

Modified

2009-11-16 11:52

Severity ?

() - -

Summary

Apache UTF-7 Encoding Cross-Site Scripting Vulnerability

Details

The mod_autoindex.c module in Apache HTTP Server is vulnerable to a cross-site scripting attack. When the charset on a server-generated page is undefined, the vulnerability allows attackers to inject arbitrary scripts or HTML via the P parameter using the UTF-7 charset.

References

Type

URL

	JVNTR	http://jvn.jp/en/tr/TRTA08-150A/index.html
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4465
	NVD	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4465
	CERT-SA	http://www.us-cert.gov/cas/alerts/SA08-150A.html
	CERT-TA	http://www.us-cert.gov/cas/techalerts/TA08-150A.html
	BID	http://www.securityfocus.com/bid/25653
	XF	http://xforce.iss.net/xforce/xfdb/36586
	SECTRACK	http://www.securitytracker.com/id?1019194
	Cross-site Scripting(CWE-79)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	Apache Software Foundation	Apache HTTP Server
	FUJITSU	Interstage Application Framework Suite
	FUJITSU	Interstage Application Server
	FUJITSU	Interstage Apworks
	FUJITSU	Interstage Business Application Server
	FUJITSU	Interstage Job Workload Server
	FUJITSU	Interstage Studio
	FUJITSU	Interstage Web Server
	FUJITSU	Systemwalker Resource Coordinator
	Hitachi, Ltd	Hitachi Web Server
	Hitachi, Ltd	uCosminexus Application Server
	Hitachi, Ltd	uCosminexus Service
	Apple Inc.	Apple Mac OS X Server
	Hewlett-Packard Development Company,L.P	HP-UX
	Cybertrust Japan Co., Ltd.	Asianux Server
	Red Hat, Inc.	Red Hat Enterprise Linux
	Red Hat, Inc.	Red Hat Enterprise Linux Desktop
	Red Hat, Inc.	Red Hat Linux Advanced Workstation
	Red Hat, Inc.	RHEL Desktop Workstation
	Turbolinux, Inc.	Turbolinux Appliance Server
	Turbolinux, Inc.	Turbolinux FUJI
	Turbolinux, Inc.	Turbolinux Multimedia
	Turbolinux, Inc.	Turbolinux Personal
	Turbolinux, Inc.	Turbolinux Server

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-001022.html",
  "dc:date": "2009-11-16T11:52+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2009-11-16T11:52+09:00",
  "description": "The mod_autoindex.c module in Apache HTTP Server is vulnerable to a cross-site scripting attack. When the charset on a server-generated page is undefined, the vulnerability allows attackers to inject arbitrary scripts or HTML via the P parameter using the UTF-7 charset.",
  "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-001022.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:apache:http_server",
      "@product": "Apache HTTP Server",
      "@vendor": "Apache Software Foundation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_application_framework_suite",
      "@product": "Interstage Application Framework Suite",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_application_server",
      "@product": "Interstage Application Server",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_apworks",
      "@product": "Interstage Apworks",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_business_application_server",
      "@product": "Interstage Business Application Server",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_job_workload_server",
      "@product": "Interstage Job Workload Server",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_studio",
      "@product": "Interstage Studio",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_web_server",
      "@product": "Interstage Web Server",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:systemwalker_resource_coordinator",
      "@product": "Systemwalker Resource Coordinator",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:hitachi_web_server",
      "@product": "Hitachi Web Server",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_application_server",
      "@product": "uCosminexus Application Server",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_service",
      "@product": "uCosminexus Service",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:apple:mac_os_x_server",
      "@product": "Apple Mac OS X Server",
      "@vendor": "Apple Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:hp:hp-ux",
      "@product": "HP-UX",
      "@vendor": "Hewlett-Packard Development Company,L.P",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:misc:miraclelinux_asianux_server",
      "@product": "Asianux Server",
      "@vendor": "Cybertrust Japan Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux",
      "@product": "Red Hat Enterprise Linux",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux_desktop",
      "@product": "Red Hat Enterprise Linux Desktop",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:linux_advanced_workstation",
      "@product": "Red Hat Linux Advanced Workstation",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:rhel_desktop_workstation",
      "@product": "RHEL Desktop Workstation",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_appliance_server",
      "@product": "Turbolinux Appliance Server",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_fuji",
      "@product": "Turbolinux FUJI",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_multimedia",
      "@product": "Turbolinux Multimedia",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_personal",
      "@product": "Turbolinux Personal",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_server",
      "@product": "Turbolinux Server",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "4.3",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2007-001022",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/tr/TRTA08-150A/index.html",
      "@id": "TRTA08-150A",
      "@source": "JVNTR"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4465",
      "@id": "CVE-2007-4465",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4465",
      "@id": "CVE-2007-4465",
      "@source": "NVD"
    },
    {
      "#text": "http://www.us-cert.gov/cas/alerts/SA08-150A.html",
      "@id": "SA08-150A",
      "@source": "CERT-SA"
    },
    {
      "#text": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html",
      "@id": "TA08-150A",
      "@source": "CERT-TA"
    },
    {
      "#text": "http://www.securityfocus.com/bid/25653",
      "@id": "25653",
      "@source": "BID"
    },
    {
      "#text": "http://xforce.iss.net/xforce/xfdb/36586",
      "@id": "36586",
      "@source": "XF"
    },
    {
      "#text": "http://www.securitytracker.com/id?1019194",
      "@id": "1019194",
      "@source": "SECTRACK"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Apache UTF-7 Encoding Cross-Site Scripting Vulnerability"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2007-4465 (GCVE-0-2007-4465)

Vulnerability from cvelistv5

CERTA-2008-AVI-278

Vulnerability from certfr_avis

Description

Solution

CERTA-2007-AVI-339

Vulnerability from certfr_avis

Description

Solution

CERTA-2009-AVI-257

Vulnerability from certfr_avis

Description

Solution

cve-2007-4465

Vulnerability from jvndb

Tags

Sightings

Nomenclature