CVE-2007-2907

Current Description

Unspecified vulnerability in SSL-Explorer before 0.2.13 allows remote authenticated users to enter redirect URLs containing (1) JavaScript or (2) HTTP headers via an unspecified vector, possibly the forwardTo parameter to redirect.do. NOTE: the impact might be cross-site scripting (XSS) or HTTP request smuggling.

Referenced by CVEs: CVE-2007-5832

Basic Data

Published: May 30, 2007
Last Modified: April 07, 2011
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-119
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:S/C:P/I:P/A:N
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: SINGLE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 4.9
Severity: MEDIUM
Exploitability Score: 6.8
Impact Score: 4.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
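    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Application | Ssl-explorer | Ssl-explorer | * | * | * | * | * | * | * | * | | 0.2.12 | | |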

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Ssl-explorer | Ssl-explorer | * |

References

| Name | Source | URL | Tags |
|---|---|---|---|
| 36913 | OSVDB | http://osvdb.org/36913 | |
| 36915 | OSVDB | http://osvdb.org/36915 | |
| 25512 | SECUNIA | http://secunia.com/advisories/25512 | Vendor Advisory |
| http://sourceforge.net/forum/forum.php?forum_id=690648 | CONFIRM | http://sourceforge.net/forum/forum.php?forum_id=690648 | PATCH |
| 24319 | BID | http://www.securityfocus.com/bid/24319 | |
| ADV-2007-2057 | VUPEN | http://www.vupen.com/english/advisories/2007/2057 | Vendor Advisory |