ID CVE-2007-3011
Summary The DBAsciiAccess CGI Script in the web interface in Fujitsu-Siemens Computers ServerView before 4.50.09 allows remote attackers to execute arbitrary commands via shell metacharacters in the Servername subparameter of the ParameterList parameter.
References
Vulnerable Configurations
  • cpe:2.3:a:fujitsu:serverview:2.50:*:*:*:*:*:*:*
  • cpe:2.3:a:fujitsu:serverview:3.60l98:*:*:*:*:*:*:*
  • cpe:2.3:a:fujitsu:serverview:3.60l99:*:*:*:*:*:*:*
  • cpe:2.3:a:fujitsu:serverview:4.10l11:*:*:*:*:*:*:*
  • cpe:2.3:a:fujitsu:serverview:4.11l11b:*:*:*:*:*:*:*
  • cpe:2.3:a:fujitsu:serverview:4.11l81:*:*:*:*:*:*:*
  • cpe:2.3:a:fujitsu:serverview:4.30.1:*:*:*:*:*:*:*
  • cpe:2.3:a:fujitsu:serverview:4.30.2:*:*:*:*:*:*:*
  • cpe:2.3:a:fujitsu:serverview:4.30.3:*:*:*:*:*:*:*
  • cpe:2.3:a:fujitsu:serverview:4.30.4:*:*:*:*:*:*:*
  • cpe:2.3:a:fujitsu:serverview:4.30.5:*:*:*:*:*:*:*
  • cpe:2.3:a:fujitsu:serverview:4.30.6:*:*:*:*:*:*:*
  • cpe:2.3:a:fujitsu:serverview:4.30.7:*:*:*:*:*:*:*
  • cpe:2.3:a:fujitsu:serverview:4.30.8:*:*:*:*:*:*:*
  • cpe:2.3:a:fujitsu:serverview:4.30.9:*:*:*:*:*:*:*
  • cpe:2.3:a:fujitsu:serverview:4.30.10:*:*:*:*:*:*:*
  • cpe:2.3:a:fujitsu:serverview:4.30.11:*:*:*:*:*:*:*
  • cpe:2.3:a:fujitsu:serverview:4.30.12:*:*:*:*:*:*:*
  • cpe:2.3:a:fujitsu:serverview:4.30.13:*:*:*:*:*:*:*
  • cpe:2.3:a:fujitsu:serverview:4.40.1:*:*:*:*:*:*:*
  • cpe:2.3:a:fujitsu:serverview:4.40.2:*:*:*:*:*:*:*
  • cpe:2.3:a:fujitsu:serverview:4.40.3:*:*:*:*:*:*:*
  • cpe:2.3:a:fujitsu:serverview:4.40.4:*:*:*:*:*:*:*
  • cpe:2.3:a:fujitsu:serverview:4.40.5:*:*:*:*:*:*:*
  • cpe:2.3:a:fujitsu:serverview:4.40.6:*:*:*:*:*:*:*
  • cpe:2.3:a:fujitsu:serverview:4.50.1:*:*:*:*:*:*:*
  • cpe:2.3:a:fujitsu:serverview:4.50.2:*:*:*:*:*:*:*
  • cpe:2.3:a:fujitsu:serverview:4.50.3:*:*:*:*:*:*:*
  • cpe:2.3:a:fujitsu:serverview:4.50.4:*:*:*:*:*:*:*
  • cpe:2.3:a:fujitsu:serverview:4.50.5:*:*:*:*:*:*:*
  • cpe:2.3:a:fujitsu:serverview:4.50.6:*:*:*:*:*:*:*
  • cpe:2.3:a:fujitsu:serverview:4.50.7:*:*:*:*:*:*:*
  • cpe:2.3:a:fujitsu:serverview:4.50.8:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 16-10-2018 - 16:46)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 24762
bugtraq 20070704 Fujitsu-Siemens ServerView Remote Command Execution
misc http://www.redteam-pentesting.de/advisories/rt-sa-2007-002.php
osvdb 37835
secunia 25944
sreason 2858
vupen ADV-2007-2441
xf serverview-servername-command-execution(35257)
Last major update 16-10-2018 - 16:46
Published 05-07-2007 - 19:30
Last modified 16-10-2018 - 16:46