Lucene search
GitHub Advisory DatabaseGHSA-384C-GG34-G96HHistoryMay 01, 2022 - 5:42 p.m.
Incorrect Authorization in Getahead Direct Web Remoting
2022-05-0117:42:17
CWE-863
GitHub Advisory Database
github.com
18
getahead direct web remoting
incorrect authorization
unauthorized access
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
0.016
Percentile
87.4%
Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to obtain unauthorized access to public methods via a crafted request that bypasses the include/exclude checks.
Affected configurations
Node
org.directwebremotingdwrRange<1.1.4
| Vendor | Product | Version | CPE |
|---|---|---|---|
| org.directwebremoting | dwr | * | cpe:2.3:a:org.directwebremoting:dwr:*:*:*:*:*:*:*:* |
Related
prion
prion
Cross site request forgery (csrf)
2007-01-12 05:04:00
cvelist
cvelist
CVE-2007-0184
2007-01-11 02:00:00
nvd
nvd
CVE-2007-0184
2007-01-12 05:04:00
osv
osv
Incorrect Authorization in Getahead Direct Web Remoting
2022-05-01 17:42:17
cve
cve
CVE-2007-0184
2007-01-12 05:04:00
openvas
openvas
SLES10: Security update for Websphere Community Edition
2009-10-13 00:00:00
SLES10: Security update for Websphere Community Edition
2009-10-13 00:00:00
SUSE: Security Summary (SUSE-SR:2009:004)
2009-02-18 00:00:00
nessus
nessus
securityvulns
securityvulns
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
0.016
Percentile
87.4%
Related for GHSA-384C-GG34-G96H