4.3
CVE-2007-5119
- EPSS 1.3%
- Veröffentlicht 27.09.2007 17:17:00
- Zuletzt bearbeitet 16.06.2026 22:45:28
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginJSPWiki 2.4.103 and 2.5.139-beta allows remote attackers to obtain sensitive information (full path) via an invalid integer in the version parameter to the default URI under attach/Main/.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.3% | 0.666 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/066096.html
http://secunia.com/advisories/26961
http://securityreason.com/securityalert/3167
http://www.ecyrd.com/~jalkanen/JSPWiki/2.4.104/ChangeLog
http://www.securityfocus.com/archive/1/480570/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/36768