CVE-2007-4909
Published Sep 17, 2007
Last updated 6 years ago
Overview
- Description
- Interpretation conflict in WinSCP before 4.0.4 allows remote attackers to perform arbitrary file transfers with a remote server via file-transfer commands in the final portion of a (1) scp, and possibly a (2) sftp or (3) ftp, URL, as demonstrated by a URL specifying login to the remote server with a username of scp, which is interpreted as an HTTP scheme name by the protocol handler in a web browser, but is interpreted as a username by WinSCP. NOTE: this is related to an incomplete fix for CVE-2006-3015.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 9.3
- Impact score
- 10
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-264
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          { "criteria": "cpe:2.3:a:winscp:winscp:2.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "833B5B6D-9A6B-4F25-81B0-F27D82940F8D" },
          { "criteria": "cpe:2.3:a:winscp:winscp:3.5.5_beta:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1441C593-8BA8-4D10-BE13-4D4D01B5ACB9" },
          { "criteria": "cpe:2.3:a:winscp:winscp:3.5.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9FEE92BE-F80D-481E-95DF-2C33E8DE3D3B" },
          { "criteria": "cpe:2.3:a:winscp:winscp:3.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "61A75DF1-1A3E-4898-B7A6-750F9FA8D1A6" },
          { "criteria": "cpe:2.3:a:winscp:winscp:3.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "79C692ED-9C28-4CAA-B72A-4CCC78AE8680" },
          { "criteria": "cpe:2.3:a:winscp:winscp:3.6.5_beta:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D214F458-12B5-4280-AF10-33426933992E" },
          { "criteria": "cpe:2.3:a:winscp:winscp:3.6.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD7FE4B2-2433-4B7F-BFA2-DCDEC32F329E" },
          { "criteria": "cpe:2.3:a:winscp:winscp:3.6.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B57BACA5-6820-48BB-906F-6AA010429F18" },
          { "criteria": "cpe:2.3:a:winscp:winscp:3.8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA9F9BEF-14B6-429B-915F-45958C568F76" },
          { "criteria": "cpe:2.3:a:winscp:winscp:3.8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89254511-B715-4515-AA6F-86133A2182CD" },
          { "criteria": "cpe:2.3:a:winscp:winscp:4.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FDD786A3-A146-4E4B-90C4-D9F8A2E7D986" },
          { "criteria": "cpe:2.3:a:winscp:winscp:4.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "200669EB-F6A1-4C6F-9939-EB3ADB472161" }
        ],
        "operator": "OR"
      }
    ]
  }
]