CVE-2007-3008
Published Jun 4, 2007
Last updated 7 years ago
Overview
- Description
- Mbedthis AppWeb before 2.2.2 enables the HTTP TRACE method, which has unspecified impact probably related to remote information leaks and cross-site tracing (XST) attacks, a related issue to CVE-2004-2320 and CVE-2005-3398.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-200
Vendor comments
- Red HatThe Apache Software Foundation do not treat this as a security issue. A configuration change can be made to disable the ability to respond to HTTP TRACE requests if required. For more information please see: http://www.apacheweek.com/issues/03-01-24#news
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mbedthis_software:mbedthis_appweb_http_server:2.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F033C9F0-7F7B-41A9-9F64-74E61738540A"
},
{
"criteria": "cpe:2.3:a:mbedthis_software:mbedthis_appweb_http_server:2.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E9D1ABC1-7BB1-450B-96A7-FCECC6ADEF5C"
},
{
"criteria": "cpe:2.3:a:mbedthis_software:mbedthis_appweb_http_server:2.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EA0D3EAF-BC9E-4ADD-92CE-9CA29D1AD868"
},
{
"criteria": "cpe:2.3:a:mbedthis_software:mbedthis_appweb_http_server:2.0.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5283B862-1325-49C7-961D-52BDD3616B33"
},
{
"criteria": "cpe:2.3:a:mbedthis_software:mbedthis_appweb_http_server:2.0.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1381FB59-0520-4620-8B92-FDB3EDE4A5D7"
},
{
"criteria": "cpe:2.3:a:mbedthis_software:mbedthis_appweb_http_server:2.0.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3CD4B710-951B-4CF3-9E34-D7AF33B4A25A"
},
{
"criteria": "cpe:2.3:a:mbedthis_software:mbedthis_appweb_http_server:2.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "33ECBD48-2547-4482-8AFD-96D08390A06E"
},
{
"criteria": "cpe:2.3:a:mbedthis_software:mbedthis_appweb_http_server:2.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "370B4D32-536C-4BC5-AF68-8851C3C8B55C"
},
{
"criteria": "cpe:2.3:a:mbedthis_software:mbedthis_appweb_http_server:2.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "76D650D5-588D-42A7-8ACF-37BEA78A7A8D"
},
{
"criteria": "cpe:2.3:a:mbedthis_software:mbedthis_appweb_http_server:2.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "54CB5569-3E74-4ADB-A286-E085717C00D7"
}
],
"operator": "OR"
}
]
}
]