4.3
CVE-2007-0044
- EPSS 55.47%
- Veröffentlicht 03.01.2007 21:28:00
- Zuletzt bearbeitet 16.06.2026 22:34:46
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka "Universal CSRF and session riding."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Adobe ≫ Acrobat Reader Version <= 7.0.8
Adobe ≫ Acrobat Reader Version6.0
Adobe ≫ Acrobat Reader Version6.0.1
Adobe ≫ Acrobat Reader Version6.0.2
Adobe ≫ Acrobat Reader Version6.0.3
Adobe ≫ Acrobat Reader Version6.0.4
Adobe ≫ Acrobat Reader Version6.0.5
Adobe ≫ Acrobat Reader Version7.0
Adobe ≫ Acrobat Reader Version7.0.1
Adobe ≫ Acrobat Reader Version7.0.2
Adobe ≫ Acrobat Reader Version7.0.3
Adobe ≫ Acrobat Reader Version7.0.4
Adobe ≫ Acrobat Reader Version7.0.5
Adobe ≫ Acrobat Reader Version7.0.6
Adobe ≫ Acrobat Reader Version7.0.7
Adobe ≫ Acrobat Reader Version7.0.8
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 55.47% | 0.989 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html
http://secunia.com/advisories/23812
http://secunia.com/advisories/23882
http://security.gentoo.org/glsa/glsa-200701-16.xml
http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf
http://secunia.com/advisories/29065
http://securityreason.com/securityalert/2090
http://securitytracker.com/id?1017469
http://www.redhat.com/support/errata/RHSA-2008-0144.html
http://www.securityfocus.com/archive/1/455801/100/0/threaded
http://www.securityfocus.com/bid/21858
http://www.vupen.com/english/advisories/2007/0032
http://www.wisec.it/vulns.php?page=9
https://exchange.xforce.ibmcloud.com/vulnerabilities/31266
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10042