CVE-2007-0930 - Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary

CVE-2007-0930

Summary

Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.

References

http://sourceforge.net/forum/forum.php?forum_id=660919
http://www.securityfocus.com/bid/22388
http://www.vupen.com/english/advisories/2007/0559

Vulnerable Configurations

cpe:2.3:a:apache_stats:apache_stats:0.0.1_beta:*:*:*:*:*:*:*
cpe:2.3:a:apache_stats:apache_stats:0.0.1_beta:*:*:*:*:*:*:*
cpe:2.3:a:apache_stats:apache_stats:0.0.2_beta:*:*:*:*:*:*:*
cpe:2.3:a:apache_stats:apache_stats:0.0.2_beta:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 08-03-2011 - 02:50)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	22388
confirm	http://sourceforge.net/forum/forum.php?forum_id=660919
vupen	ADV-2007-0559

Last major update

08-03-2011 - 02:50

Published

14-02-2007 - 11:28

Last modified

08-03-2011 - 02:50