CVE-2007-1830 - Unspecified vulnerability in the Username Hijacking Patch 20070312 for web-app.org WebAPP 0.9.9.6 al

CVE-2007-1830

Summary

Unspecified vulnerability in the Username Hijacking Patch 20070312 for web-app.org WebAPP 0.9.9.6 allows remote attackers to obtain administrative access via unknown vectors, related to "something overlooked in the original that was still overlooked in the patch", and possibly related to copying files to the user-lib and the "XSS and cookies exploit."

References

Vulnerable Configurations

cpe:2.3:a:web-app.org:webapp:0.9.9.6:*:*:*:*:*:*:*
cpe:2.3:a:web-app.org:webapp:0.9.9.6:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 13-11-2008 - 06:36)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

confirm	http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=259
misc	http://www.web-app.net/cgi-bin/index.cgi?action=viewnews&id=20
osvdb	35212

Last major update

13-11-2008 - 06:36

Published

03-04-2007 - 00:19

Last modified

13-11-2008 - 06:36