Lucene search

MitreCVE-2008-0701

HistoryFeb 12, 2008 - 1:00 a.m.

CVE-2008-0701

2008-02-1201:00:00

CWE-264

mitre

web.nvd.nist.gov

magnolia

remote code execution

cve-2008-0701

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

Confidence

High

EPSS

0.004

Percentile

73.8%

JSON

ActivationHandler in Magnolia CE 3.5.x before 3.5.4 does not check permissions during importing, which allows remote attackers to have an unknown impact via activation of a new item, possibly involving addition of arbitrary new content.

Affected configurations

Nvd

Node

magnoliaceMatch3.5.1

magnoliaceMatch3.5.2

magnoliaceMatch3.5.3

VendorProductVersionCPE
magnoliace3.5.1cpe:2.3:a:magnolia:ce:3.5.1:*:*:*:*:*:*:*
magnoliace3.5.2cpe:2.3:a:magnolia:ce:3.5.2:*:*:*:*:*:*:*
magnoliace3.5.3cpe:2.3:a:magnolia:ce:3.5.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
magnolia	ce	3.5.1	cpe:2.3:a:magnolia:ce:3.5.1:::::::*
magnolia	ce	3.5.2	cpe:2.3:a:magnolia:ce:3.5.2:::::::*
magnolia	ce	3.5.3	cpe:2.3:a:magnolia:ce:3.5.3:::::::*

References

jira.magnolia.info/browse/MAGNOLIA-2021

secunia.com/advisories/28745

sourceforge.net/project/shownotes.php?release_id=573088

www.securityfocus.com/bid/27608

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

Confidence

High

EPSS

0.004

Percentile

73.8%

JSON

Related for CVE-2008-0701