CVE-2007-1043 - OpenCVE

Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Linux	Linux Kernel
Windriver	Bsdos
Ezboo	Webstats
Microsoft	Windows 98se Windows Me Windows 95 Windows 98 Windows 2000 Windows 2003 Server Windows Xp Windows Nt
Ibm	Os2 Aix
Santa Cruz Operation	Sco Unix
Hp	Tru64 Hp-ux
Sun	Solaris
Apple	Mac Os X

Configuration 1 [-]

AND

OR	cpe:2.3:o:apple:mac_os_x:10.4.9:::::::*
	cpe:2.3:o:hp:hp-ux::::::::
	cpe:2.3:o:hp:tru64:5.1b_pk2_bl22:::::::*
	cpe:2.3:o:ibm:aix::::::::
	cpe:2.3:o:ibm:os2::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:microsoft:windows_2000::::::::
	cpe:2.3:o:microsoft:windows_2003_server:sp2:::::::*
	cpe:2.3:o:microsoft:windows_95::::::::
	cpe:2.3:o:microsoft:windows_98::gold::::::*
	cpe:2.3:o:microsoft:windows_98se::::::::
	cpe:2.3:o:microsoft:windows_me::::::::
	cpe:2.3:o:microsoft:windows_nt:4.0:::::::*
	cpe:2.3:o:microsoft:windows_xp::gold::::::*
	cpe:2.3:o:santa_cruz_operation:sco_unix::::::::
	cpe:2.3:o:sun:solaris::::::::
	cpe:2.3:o:windriver:bsdos::::::::

cpe:2.3:a:ezboo:webstats:3.0.3:*:*:*:*:*:*:*

References

Link	Resource
http://forums.avenir-geopolitique.net/viewtopic.php?t=2674	Exploit Vendor Advisory
http://osvdb.org/34181
http://securityreason.com/securityalert/2275
http://www.securityfocus.com/archive/1/460325/100/0/threaded
http://www.securityfocus.com/bid/22590
https://exchange.xforce.ibmcloud.com/vulnerabilities/32563

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-02-21T17:00:00

Updated: 2018-10-16T14:57:01

Reserved: 2007-02-21T00:00:00

Link: CVE-2007-1043

JSON object: View

NVD Information

Status : Modified

Published: 2007-02-21T17:28:00.000

Modified: 2018-10-16T16:36:27.717

Link: CVE-2007-1043

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-02-15T00:00:00", "descriptions": [{"lang": "en", "value": "Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://forums.avenir-geopolitique.net/viewtopic.php?t=2674"}, {"name": "20070215 Ezboo webstats acces to sensitive files", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/460325/100/0/threaded"}, {"name": "ezboo-update-unauthorized-access(32563)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32563"}, {"name": "34181", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/34181"}, {"name": "2275", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2275"}, {"name": "22590", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/22590"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1043", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://forums.avenir-geopolitique.net/viewtopic.php?t=2674", "refsource": "MISC", "url": "http://forums.avenir-geopolitique.net/viewtopic.php?t=2674"}, {"name": "20070215 Ezboo webstats acces to sensitive files", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/460325/100/0/threaded"}, {"name": "ezboo-update-unauthorized-access(32563)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32563"}, {"name": "34181", "refsource": "OSVDB", "url": "http://osvdb.org/34181"}, {"name": "2275", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2275"}, {"name": "22590", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22590"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1043", "datePublished": "2007-02-21T17:00:00", "dateReserved": "2007-02-21T00:00:00", "dateUpdated": "2018-10-16T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "786BB737-EA99-4EC6-B742-0C35BF2453F9", "vulnerable": false}, {"criteria": "cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*", "matchCriteriaId": "61A4F116-1FEE-450E-99AE-6AD9ACDDE570", "vulnerable": false}, {"criteria": "cpe:2.3:o:hp:tru64:5.1b_pk2_bl22:*:*:*:*:*:*:*", "matchCriteriaId": "5F6E90A8-BF8E-46AD-A0E6-4266EE0AE70C", "vulnerable": false}, {"criteria": "cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*", "matchCriteriaId": "F7F01A55-7C37-4BAF-A4D4-61E8AC54FF79", "vulnerable": false}, {"criteria": "cpe:2.3:o:ibm:os2:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD5511BD-2A41-4FF6-BD3F-9448F3F8AC90", "vulnerable": false}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*", "matchCriteriaId": "377F7D0C-6B44-4B90-BF90-DAF959880C6D", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_95:*:*:*:*:*:*:*:*", "matchCriteriaId": "82F7322B-8022-4D0B-ADB3-D0F5B6F20309", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*", "matchCriteriaId": "2D3B703C-79B2-4FA2-9E12-713AB977A880", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA733AD2-D948-46A0-A063-D29081A56F1F", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*", "matchCriteriaId": "799DA395-C7F8-477C-8BC7-5B4B88FB7503", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "E53CDA8E-50A8-4509-B070-CCA5604FFB21", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*", "matchCriteriaId": "580B0C9B-DD85-40FA-9D37-BAC0C96D57FC", "vulnerable": false}, {"criteria": "cpe:2.3:o:santa_cruz_operation:sco_unix:*:*:*:*:*:*:*:*", "matchCriteriaId": "ECCBDA43-9C75-4B36-8C90-EF26B8CD777D", "vulnerable": false}, {"criteria": "cpe:2.3:o:sun:solaris:*:*:*:*:*:*:*:*", "matchCriteriaId": "469B74F2-4B89-42B8-8638-731E92D463B9", "vulnerable": false}, {"criteria": "cpe:2.3:o:windriver:bsdos:*:*:*:*:*:*:*:*", "matchCriteriaId": "60ACA374-1434-4C02-8327-17BC9C000B65", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:ezboo:webstats:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E4F3346B-0AB1-4200-BF60-29392FB1EEB7", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php."}, {"lang": "es", "value": "Ezboo webstats, posiblemente la 3.0.3, permite a atacantes remotos evitar la autenticaci\u00f3n y obtener una v\u00eda de acceso mediante una petici\u00f3n directa al (1) update.php y (2) config.php."}], "id": "CVE-2007-1043", "lastModified": "2018-10-16T16:36:27.717", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-02-21T17:28:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://forums.avenir-geopolitique.net/viewtopic.php?t=2674"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/34181"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2275"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/460325/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/22590"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32563"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}