CVE-2007-2713 - ifdate 2.x sends a redirect to the web browser but does not exit when administrative credentials are

CVE-2007-2713

Summary

ifdate 2.x sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to obtain administrative access via a direct request for the admin/ URI.

References

Vulnerable Configurations

cpe:2.3:a:ifusionservices:ifdate:2.0:*:*:*:*:*:*:*
cpe:2.3:a:ifusionservices:ifdate:2.0:*:*:*:*:*:*:*
cpe:2.3:a:ifusionservices:ifdate:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ifusionservices:ifdate:2.0.3:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 16-10-2018 - 16:45)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	23971
bugtraq	20070513 ifdate 2.* unauthorized administrative access bug
misc	http://www.expw0rm.com/ifdate-2-unauthorized-administrative-access-bug_no285.html
osvdb	36173
secunia	25237
sreason	2707
xf	ifdate2-admin-auth-bypass(34257)

Last major update

16-10-2018 - 16:45

Published

16-05-2007 - 10:19

Last modified

16-10-2018 - 16:45