CVE-2007-2079
Published Apr 18, 2007
Last updated 7 years ago
Overview
- Description
- The ADONewConnection Connect function in adodb.php in XAMPP 1.6.0a and earlier for Windows uses untrusted input for the database server hostname, which allows remote attackers to trigger a library buffer overflow and execute arbitrary code via a long host parameter, or have other unspecified impact. NOTE: it could be argued that this is an issue in mssql_connect (CVE-2007-1411.1) in PHP, or an issue in the ADOdb Library, and the proper fix should be in one of these products; if so, then this should not be treated as a vulnerability in XAMPP.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 9.3
- Impact score
- 10
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Evaluator
- Comment
- -
- Impact
- Failed exploit attempts will likely crash the webserver, denying service to legitimate users. Additionally, this issue is remotely exploitable only if the installation is not secured as described in the manual.
- Solution
- Failed exploit attempts will likely crash the webserver, denying service to legitimate users. Additionally, this issue is remotely exploitable only if the installation is not secured as described in the manual.
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xampp:apache_distribution:*:*:windows:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ACAB22B5-2307-46EC-ADE3-5974AD96FA52",
"versionEndIncluding": "1.6.0a"
}
],
"operator": "OR"
}
]
}
]