CVE-2007-4202

Guidance Software EnCase Enterprise Edition (EEE) 6 does not properly verify the identity of the acquisition target during communication with the EnCase Servlet (EEE servlet), which might allow remote attackers to spoof the disk image.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.isecpartners.com/files/iSEC-Breaking_Forensics_Software-Paper.v1_1.BH2007.pdf
http://www.kb.cert.org/vuls/id/912593	US Government Resource
http://www.securityfocus.com/archive/1/474809/100/0/threaded
http://www.securityfocus.com/archive/1/475335/100/0/threaded
http://www.isecpartners.com/files/iSEC-Breaking_Forensics_Software-Paper.v1_1.BH2007.pdf
http://www.kb.cert.org/vuls/id/912593	US Government Resource
http://www.securityfocus.com/archive/1/474809/100/0/threaded
http://www.securityfocus.com/archive/1/475335/100/0/threaded

Configurations

Configuration 1 (hide)

cpe:2.3:a:guidance_software:encase:6.0:*:enterprise_edition:*:*:*:*:*

History

21 Nov 2024, 00:35

Type	Values Removed	Values Added
References	~~() http://www.isecpartners.com/files/iSEC-Breaking_Forensics_Software-Paper.v1_1.BH2007.pdf -~~	() http://www.isecpartners.com/files/iSEC-Breaking_Forensics_Software-Paper.v1_1.BH2007.pdf -
References	~~() http://www.kb.cert.org/vuls/id/912593 - US Government Resource~~	() http://www.kb.cert.org/vuls/id/912593 - US Government Resource
References	~~() http://www.securityfocus.com/archive/1/474809/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/474809/100/0/threaded -
References	~~() http://www.securityfocus.com/archive/1/475335/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/475335/100/0/threaded -

Information

Published : 2007-08-08 01:17

Updated : 2024-11-21 00:35

NVD link : CVE-2007-4202

Mitre link : CVE-2007-4202

CVE.ORG link : CVE-2007-4202

JSON object : View

Products Affected

guidance_software

encase

CWE

NVD-CWE-Other

{"id": "CVE-2007-4202", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-08-08T01:17:00.000", "references": [{"url": "http://www.isecpartners.com/files/iSEC-Breaking_Forensics_Software-Paper.v1_1.BH2007.pdf", "source": "cve@mitre.org"}, {"url": "http://www.kb.cert.org/vuls/id/912593", "tags": ["US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/474809/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/475335/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.isecpartners.com/files/iSEC-Breaking_Forensics_Software-Paper.v1_1.BH2007.pdf", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.kb.cert.org/vuls/id/912593", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/474809/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/475335/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Guidance Software EnCase Enterprise Edition (EEE) 6 does not properly verify the identity of the acquisition target during communication with the EnCase Servlet (EEE servlet), which might allow remote attackers to spoof the disk image."}, {"lang": "es", "value": "Guidance Software EnCase Enterprise Edition (EEE) 6 no verifica adecuadamente la identidad del objetivo de la adquisici\u00f3n durante la comunicaci\u00f3n con el Servlet Encase (EEE servlet), lo cual podr\u00eda permitir a atacantes remotos falsificar la imagen de disco."}], "lastModified": "2024-11-21T00:35:01.760", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:guidance_software:encase:6.0:*:enterprise_edition:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6C99B6C-BA2F-4567-AF4E-456BFB77060A"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}