CVE-2007-3911

Published Jul 30, 2007

Last updated 6 years ago

Overview

Description: Multiple heap-based buffer overflows in (1) clsscheduler.exe (aka scheduler client) and (2) srvscheduler.exe (aka scheduler server) in BakBone NetVault Reporter 3.5 before Update4 allow remote attackers to execute arbitrary code via long filename arguments in HTTP requests.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 10
Impact score: 10
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-119

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:bakbone:netvault_reporter:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F7A050E1-A927-4907-944D-66645536CFF6",
            "versionEndIncluding": "3.5update3"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References