CVE-2007-3008

Published Jun 4, 2007

Last updated 8 years ago

CVSS info 4.3

Overview

Description: Mbedthis AppWeb before 2.2.2 enables the HTTP TRACE method, which has unspecified impact probably related to remote information leaks and cross-site tracing (XST) attacks, a related issue to CVE-2004-2320 and CVE-2005-3398.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-200

Hype score: Not currently trending

Vendor comments

Red HatThe Apache Software Foundation do not treat this as a security issue. A configuration change can be made to disable the ability to respond to HTTP TRACE requests if required. For more information please see: http://www.apacheweek.com/issues/03-01-24#news

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mbedthis_software:mbedthis_appweb_http_server:2.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F033C9F0-7F7B-41A9-9F64-74E61738540A"
          },
          {
            "criteria": "cpe:2.3:a:mbedthis_software:mbedthis_appweb_http_server:2.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E9D1ABC1-7BB1-450B-96A7-FCECC6ADEF5C"
          },
          {
            "criteria": "cpe:2.3:a:mbedthis_software:mbedthis_appweb_http_server:2.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EA0D3EAF-BC9E-4ADD-92CE-9CA29D1AD868"
          },
          {
            "criteria": "cpe:2.3:a:mbedthis_software:mbedthis_appweb_http_server:2.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5283B862-1325-49C7-961D-52BDD3616B33"
          },
          {
            "criteria": "cpe:2.3:a:mbedthis_software:mbedthis_appweb_http_server:2.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1381FB59-0520-4620-8B92-FDB3EDE4A5D7"
          },
          {
            "criteria": "cpe:2.3:a:mbedthis_software:mbedthis_appweb_http_server:2.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3CD4B710-951B-4CF3-9E34-D7AF33B4A25A"
          },
          {
            "criteria": "cpe:2.3:a:mbedthis_software:mbedthis_appweb_http_server:2.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "33ECBD48-2547-4482-8AFD-96D08390A06E"
          },
          {
            "criteria": "cpe:2.3:a:mbedthis_software:mbedthis_appweb_http_server:2.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "370B4D32-536C-4BC5-AF68-8851C3C8B55C"
          },
          {
            "criteria": "cpe:2.3:a:mbedthis_software:mbedthis_appweb_http_server:2.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "76D650D5-588D-42A7-8ACF-37BEA78A7A8D"
          },
          {
            "criteria": "cpe:2.3:a:mbedthis_software:mbedthis_appweb_http_server:2.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "54CB5569-3E74-4ADB-A286-E085717C00D7"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Vendor comments

Configurations

References