Lucene search

[email protected]CVE-2007-6342

HistoryDec 13, 2007 - 9:46 p.m.

CVE-2007-6342

2007-12-1321:46:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2007-6342

sql injection

authcas.pm

apache http server

remote attackers

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.3 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.2%

JSON

SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.

Affected configurations

NVD

Node

david_castroapache_authcasMatch0.4

CPENameOperatorVersion
david_castro:apache_authcasdavid castro apache authcaseq0.4

CPE	Name	Operator	Version
david_castro:apache_authcas	david castro apache authcas	eq	0.4

References

search.cpan.org/src/DCASTRO/Apache-AuthCAS-0.5/Changes

secunia.com/advisories/29492

securityreason.com/securityalert/3439

www.securityfocus.com/archive/1/484711/100/0/threaded

www.securityfocus.com/archive/1/489993/100/0/threaded

www.securityfocus.com/bid/26762

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.3 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.2%

JSON

Related for CVE-2007-6342

cvelist1 seebug1 nvd1 prion1