CVE-2007-2197 - OpenCVE

Race condition in the NeatUpload ASP.NET component 1.2.11 through 1.2.16, 1.1.18 through 1.1.23, and trunk.379 through trunk.445 allows remote attackers to obtain other clients' HTTP responses via multiple simultaneous requests, which triggers multiple calls to HttpWorkerRequest.FlushResponse for the same HttpWorkerRequest object and causes a buffer to be reused for a different request.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Brettle Development	Neatupload

Configuration 1 [-]

OR	cpe:2.3:a:brettle_development:neatupload:1.1.18:::::::*
	cpe:2.3:a:brettle_development:neatupload:1.1.19:::::::*
	cpe:2.3:a:brettle_development:neatupload:1.1.20:::::::*
	cpe:2.3:a:brettle_development:neatupload:1.1.21:::::::*
	cpe:2.3:a:brettle_development:neatupload:1.1.22:::::::*
	cpe:2.3:a:brettle_development:neatupload:1.1.23:::::::*
	cpe:2.3:a:brettle_development:neatupload:1.2.11:::::::*
	cpe:2.3:a:brettle_development:neatupload:1.2.12:::::::*
	cpe:2.3:a:brettle_development:neatupload:1.2.13:::::::*
	cpe:2.3:a:brettle_development:neatupload:1.2.14:::::::*
	cpe:2.3:a:brettle_development:neatupload:1.2.15:::::::*
	cpe:2.3:a:brettle_development:neatupload:1.2.16:::::::*
	cpe:2.3:a:brettle_development:neatupload:trunk.379:::::::*
	cpe:2.3:a:brettle_development:neatupload:trunk.380:::::::*
	cpe:2.3:a:brettle_development:neatupload:trunk.381:::::::*

References

Link	Resource
http://secunia.com/advisories/25003	Vendor Advisory
http://www.securityfocus.com/archive/1/466404/100/0/threaded
http://www.securityfocus.com/bid/23578
https://exchange.xforce.ibmcloud.com/vulnerabilities/33785

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-04-24T17:00:00

Updated: 2018-10-16T14:57:01

Reserved: 2007-04-24T00:00:00

Link: CVE-2007-2197

JSON object: View

NVD Information

Status : Modified

Published: 2007-04-24T17:19:00.000

Modified: 2018-10-16T16:42:27.493

Link: CVE-2007-2197

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-04-20T00:00:00", "descriptions": [{"lang": "en", "value": "Race condition in the NeatUpload ASP.NET component 1.2.11 through 1.2.16, 1.1.18 through 1.1.23, and trunk.379 through trunk.445 allows remote attackers to obtain other clients' HTTP responses via multiple simultaneous requests, which triggers multiple calls to HttpWorkerRequest.FlushResponse for the same HttpWorkerRequest object and causes a buffer to be reused for a different request."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "23578", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/23578"}, {"name": "neatupload-responses-information-disclosure(33785)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33785"}, {"name": "20070420 NeatUpload vulnerability and fix", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/466404/100/0/threaded"}, {"name": "25003", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25003"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2197", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Race condition in the NeatUpload ASP.NET component 1.2.11 through 1.2.16, 1.1.18 through 1.1.23, and trunk.379 through trunk.445 allows remote attackers to obtain other clients' HTTP responses via multiple simultaneous requests, which triggers multiple calls to HttpWorkerRequest.FlushResponse for the same HttpWorkerRequest object and causes a buffer to be reused for a different request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "23578", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23578"}, {"name": "neatupload-responses-information-disclosure(33785)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33785"}, {"name": "20070420 NeatUpload vulnerability and fix", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/466404/100/0/threaded"}, {"name": "25003", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25003"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2197", "datePublished": "2007-04-24T17:00:00", "dateReserved": "2007-04-24T00:00:00", "dateUpdated": "2018-10-16T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:brettle_development:neatupload:1.1.18:*:*:*:*:*:*:*", "matchCriteriaId": "F28F8C39-7E65-46F9-A547-15527BC66308", "vulnerable": true}, {"criteria": "cpe:2.3:a:brettle_development:neatupload:1.1.19:*:*:*:*:*:*:*", "matchCriteriaId": "E49C50FE-3B50-4F39-BEC1-0A61DC6ACDEB", "vulnerable": true}, {"criteria": "cpe:2.3:a:brettle_development:neatupload:1.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "CC172C30-0C37-4521-877F-F678274C05B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:brettle_development:neatupload:1.1.21:*:*:*:*:*:*:*", "matchCriteriaId": "78B684B3-07E2-4EFE-8EF0-706D77DDFC96", "vulnerable": true}, {"criteria": "cpe:2.3:a:brettle_development:neatupload:1.1.22:*:*:*:*:*:*:*", "matchCriteriaId": "4D8755BF-9D57-4FEE-91F1-FC224DBA431D", "vulnerable": true}, {"criteria": "cpe:2.3:a:brettle_development:neatupload:1.1.23:*:*:*:*:*:*:*", "matchCriteriaId": "4E95B64F-A426-412D-84FC-718AC2B8F89C", "vulnerable": true}, {"criteria": "cpe:2.3:a:brettle_development:neatupload:1.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "BC7D3A35-F650-4F1B-8022-56E46BB95039", "vulnerable": true}, {"criteria": "cpe:2.3:a:brettle_development:neatupload:1.2.12:*:*:*:*:*:*:*", "matchCriteriaId": "1A8F8C7D-199D-4559-A5AD-70B8DC0C6C67", "vulnerable": true}, {"criteria": "cpe:2.3:a:brettle_development:neatupload:1.2.13:*:*:*:*:*:*:*", "matchCriteriaId": "0C30F900-F512-43ED-94B5-B16DC21BA826", "vulnerable": true}, {"criteria": "cpe:2.3:a:brettle_development:neatupload:1.2.14:*:*:*:*:*:*:*", "matchCriteriaId": "D911C642-075B-4E23-ADF7-EC2466F2DEC1", "vulnerable": true}, {"criteria": "cpe:2.3:a:brettle_development:neatupload:1.2.15:*:*:*:*:*:*:*", "matchCriteriaId": "F562D423-0FA7-4300-BF22-A296E137207D", "vulnerable": true}, {"criteria": "cpe:2.3:a:brettle_development:neatupload:1.2.16:*:*:*:*:*:*:*", "matchCriteriaId": "74941D91-0096-4777-BDBE-B372393A4D73", "vulnerable": true}, {"criteria": "cpe:2.3:a:brettle_development:neatupload:trunk.379:*:*:*:*:*:*:*", "matchCriteriaId": "84DA305C-53E1-493B-9D25-54E4310A0DF6", "vulnerable": true}, {"criteria": "cpe:2.3:a:brettle_development:neatupload:trunk.380:*:*:*:*:*:*:*", "matchCriteriaId": "4DB653CC-3D09-473F-A559-4410B9CAB53F", "vulnerable": true}, {"criteria": "cpe:2.3:a:brettle_development:neatupload:trunk.381:*:*:*:*:*:*:*", "matchCriteriaId": "F5358BDA-7937-451D-959E-704463D1D556", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Race condition in the NeatUpload ASP.NET component 1.2.11 through 1.2.16, 1.1.18 through 1.1.23, and trunk.379 through trunk.445 allows remote attackers to obtain other clients' HTTP responses via multiple simultaneous requests, which triggers multiple calls to HttpWorkerRequest.FlushResponse for the same HttpWorkerRequest object and causes a buffer to be reused for a different request."}, {"lang": "es", "value": "Condici\u00f3n de carrera en el componente NeatUpload ASP.NET 1.2.11 hasta el 1.2.16, 1.1.18 hasta el 1.1.23, y trunk.379 hasta trunk.445 permite a atacantes remotos obtener informaci\u00f3n de otros clientes HTTP a trav\u00e9s de m\u00faltiples respuestas simultaneas de clientes, lo cual dispara m\u00faltiples llamadas en HttpWorkerRequest.FlushResponse para el mismo objeto HttpWorkerRequest y provoca un buffer sea reutilizado para diferentes respuestas."}], "id": "CVE-2007-2197", "lastModified": "2018-10-16T16:42:27.493", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-04-24T17:19:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/25003"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/466404/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/23578"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33785"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}