Lucene search
HistoryJun 04, 2007 - 5:30 p.m.
CVE-2007-3008
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
6.1
Confidence
Low
EPSS
0.008
Percentile
81.9%
Mbedthis AppWeb before 2.2.2 enables the HTTP TRACE method, which has unspecified impact probably related to remote information leaks and cross-site tracing (XST) attacks, a related issue to CVE-2004-2320 and CVE-2005-3398.
Affected configurations
Node
mbedthis_softwarembedthis_appweb_http_serverMatch2.0.0
ORmbedthis_softwarembedthis_appweb_http_serverMatch2.0.1
ORmbedthis_softwarembedthis_appweb_http_serverMatch2.0.2
ORmbedthis_softwarembedthis_appweb_http_serverMatch2.0.3
ORmbedthis_softwarembedthis_appweb_http_serverMatch2.0.4
ORmbedthis_softwarembedthis_appweb_http_serverMatch2.0.5
ORmbedthis_softwarembedthis_appweb_http_serverMatch2.1.0
ORmbedthis_softwarembedthis_appweb_http_serverMatch2.1.1
ORmbedthis_softwarembedthis_appweb_http_serverMatch2.2.0
ORmbedthis_softwarembedthis_appweb_http_serverMatch2.2.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mbedthis_software | mbedthis_appweb_http_server | 2.0.0 | cpe:2.3:a:mbedthis_software:mbedthis_appweb_http_server:2.0.0:*:*:*:*:*:*:* |
| mbedthis_software | mbedthis_appweb_http_server | 2.0.1 | cpe:2.3:a:mbedthis_software:mbedthis_appweb_http_server:2.0.1:*:*:*:*:*:*:* |
| mbedthis_software | mbedthis_appweb_http_server | 2.0.2 | cpe:2.3:a:mbedthis_software:mbedthis_appweb_http_server:2.0.2:*:*:*:*:*:*:* |
| mbedthis_software | mbedthis_appweb_http_server | 2.0.3 | cpe:2.3:a:mbedthis_software:mbedthis_appweb_http_server:2.0.3:*:*:*:*:*:*:* |
| mbedthis_software | mbedthis_appweb_http_server | 2.0.4 | cpe:2.3:a:mbedthis_software:mbedthis_appweb_http_server:2.0.4:*:*:*:*:*:*:* |
| mbedthis_software | mbedthis_appweb_http_server | 2.0.5 | cpe:2.3:a:mbedthis_software:mbedthis_appweb_http_server:2.0.5:*:*:*:*:*:*:* |
| mbedthis_software | mbedthis_appweb_http_server | 2.1.0 | cpe:2.3:a:mbedthis_software:mbedthis_appweb_http_server:2.1.0:*:*:*:*:*:*:* |
| mbedthis_software | mbedthis_appweb_http_server | 2.1.1 | cpe:2.3:a:mbedthis_software:mbedthis_appweb_http_server:2.1.1:*:*:*:*:*:*:* |
| mbedthis_software | mbedthis_appweb_http_server | 2.2.0 | cpe:2.3:a:mbedthis_software:mbedthis_appweb_http_server:2.2.0:*:*:*:*:*:*:* |
| mbedthis_software | mbedthis_appweb_http_server | 2.2.1 | cpe:2.3:a:mbedthis_software:mbedthis_appweb_http_server:2.2.1:*:*:*:*:*:*:* |
Related
cve
cve
redhatcve
redhatcve
CVE-2007-3008
2015-10-30 09:28:33
CVE-2004-2320
2015-10-30 09:39:58
prion
prion
Cross site scripting
2007-06-04 17:30:00
Design/Logic Flaw
2010-01-25 19:30:00
Design/Logic Flaw
2010-01-25 19:30:00
cvelist
cvelist
nessus
nessus
HTTP Reverse Proxy Detection (Deprecated)
2002-07-02 00:00:00
WebLogic < 8.1 SP3 Multiple Vulnerabilities
2004-09-14 00:00:00
Solaris 9 (sparc) : 116807-02
2004-07-12 00:00:00
f5
f5
K15904 : Multiple third-party application-server vulnerabilities
2014-12-11 00:00:00
SOL15904 - Multiple third-party application-server vulnerabilities
2014-12-11 00:00:00
metasploit
metasploit
HTTP Cross-Site Tracing Detection
2011-11-03 20:09:11
HTTP Options Detection
2009-04-13 14:33:26
nvd
nvd
openvas
openvas
Solaris Update for /usr/sadm/lib/smc/lib/preload/jsdk21.jar 116808-02
2009-06-03 00:00:00
Solaris Update for /usr/sadm/lib/smc/lib/preload/jsdk21.jar 116807-02
2009-06-03 00:00:00
Solaris Update for /usr/sadm/lib/smc/lib/preload/jsdk21.jar 116807-02
2009-06-03 00:00:00
pentestpartners
pentestpartners
Vulnerabilities that arenβt. Cross Site Tracing / XST
2022-01-25 06:08:46
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
6.1
Confidence
Low
EPSS
0.008
Percentile
81.9%
Related for NVD:CVE-2007-3008