Lucene search

[email protected]CVE-2007-6496

HistoryDec 20, 2007 - 8:46 p.m.

CVE-2007-6496

2007-12-2020:46:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2007-6496

nvd

hosting controller

remote attackers

arbitrary users

security vulnerability

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

Low

0.085 Low

EPSS

Percentile

94.5%

JSON

Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers to register arbitrary users via a request to hosting/addsubsite.asp with the loginname and password parameters set, when preceded by certain requests to hosting/default.asp and hosting/selectdomain.asp, a related issue to CVE-2005-1654.

Affected configurations

NVD

Node

hosting_controllerhosting_controllerMatch6.1_hotfix_3.3

CPENameOperatorVersion
hosting_controller:hosting_controllerhosting controllereq6.1_hotfix_3.3

CPE	Name	Operator	Version
hosting_controller:hosting_controller	hosting controller	eq	6.1_hotfix_3.3

References

hostingcontroller.com/english/logs/Post-Hotfix-3_3-sec-Patch-ReleaseNotes.html

secunia.com/advisories/28973

securityreason.com/securityalert/3474

securitytracker.com/id?1019222

www.securityfocus.com/archive/1/485028/100/0/threaded

www.securityfocus.com/bid/26862

exchange.xforce.ibmcloud.com/vulnerabilities/39038

www.exploit-db.com/exploits/4730

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

Low

0.085 Low

EPSS

Percentile

94.5%

JSON

Related for CVE-2007-6496

cvelist2 prion1 nvd2 nessus1 cve1