CVE-2007-0313

Unspecified vulnerability in GONICUS System Administration (GOsa) before 2.5.8 allows remote authenticated users to modify certain settings, including the admin password, via crafted POST requests.

CVSS v2.0 9.0 HIGH

9.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://oss.gonicus.de/pipermail/gosa/2007-January/002650.html	Patch
http://osvdb.org/32821
http://secunia.com/advisories/23749	Vendor Advisory
http://www.vupen.com/english/advisories/2007/0207
https://exchange.xforce.ibmcloud.com/vulnerabilities/31516
http://oss.gonicus.de/pipermail/gosa/2007-January/002650.html	Patch
http://osvdb.org/32821
http://secunia.com/advisories/23749	Vendor Advisory
http://www.vupen.com/english/advisories/2007/0207
https://exchange.xforce.ibmcloud.com/vulnerabilities/31516

Configurations

Configuration 1 (hide)

cpe:2.3:a:gonicus:gonicus_system_administration:*:*:*:*:*:*:*:*

History

21 Nov 2024, 00:25

Type	Values Removed	Values Added
References	~~() http://oss.gonicus.de/pipermail/gosa/2007-January/002650.html - Patch~~	() http://oss.gonicus.de/pipermail/gosa/2007-January/002650.html - Patch
References	~~() http://osvdb.org/32821 -~~	() http://osvdb.org/32821 -
References	~~() http://secunia.com/advisories/23749 - Vendor Advisory~~	() http://secunia.com/advisories/23749 - Vendor Advisory
References	~~() http://www.vupen.com/english/advisories/2007/0207 -~~	() http://www.vupen.com/english/advisories/2007/0207 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/31516 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/31516 -

Information

Published : 2007-01-18 00:28

Updated : 2024-11-21 00:25

NVD link : CVE-2007-0313

Mitre link : CVE-2007-0313

CVE.ORG link : CVE-2007-0313

JSON object : View

Products Affected

gonicus

gonicus_system_administration

CWE

NVD-CWE-Other

{"id": "CVE-2007-0313", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-01-18T00:28:00.000", "references": [{"url": "http://oss.gonicus.de/pipermail/gosa/2007-January/002650.html", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://osvdb.org/32821", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/23749", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/0207", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31516", "source": "cve@mitre.org"}, {"url": "http://oss.gonicus.de/pipermail/gosa/2007-January/002650.html", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/32821", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/23749", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2007/0207", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31516", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in GONICUS System Administration (GOsa) before 2.5.8 allows remote authenticated users to modify certain settings, including the admin password, via crafted POST requests."}, {"lang": "es", "value": "Vulnerabilidad sin especificar en el GONICUS System Administration (GOsa) anterior al 2.5.8 permite a usuarios remotos autenticados modificar ciertas configuraciones, incluida la contrase\u00f1a del administrador (admin), mediante peticiones POST modificadas."}], "lastModified": "2024-11-21T00:25:33.313", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gonicus:gonicus_system_administration:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF147EDE-38D8-4223-87DF-C1B5635484A8", "versionEndIncluding": "2.5.7"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}