CVE Vulnerability

CVE-2007-0184

Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to obtain unauthorized access to public methods via a crafted request that bypasses the include/exclude checks.

7.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

References
Link Resource
http://getahead.ltd.uk/dwr/changelog
http://www.securityfocus.com/bid/21955
http://secunia.com/advisories/23641 Vendor Advisory
http://osvdb.org/32657
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
http://www.vupen.com/english/advisories/2007/0095
https://exchange.xforce.ibmcloud.com/vulnerabilities/31377
Configurations

Configuration 1

cpe:2.3:a:getahead:direct_web_remoting:1.0:*:*:*:*:*:*:*
cpe:2.3:a:getahead:direct_web_remoting:0.8:*:*:*:*:*:*:*
cpe:2.3:a:getahead:direct_web_remoting:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:getahead:direct_web_remoting:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:getahead:direct_web_remoting:0.9:*:*:*:*:*:*:*
cpe:2.3:a:getahead:direct_web_remoting:0.7:*:*:*:*:*:*:*
cpe:2.3:a:getahead:direct_web_remoting:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:getahead:direct_web_remoting:*:*:*:*:*:*:*:*
Information

Published : 2007-01-12 05:04

Updated : 2017-07-29 01:30

NVD link : CVE-2007-0184

Mitre link : CVE-2007-0184

Products Affected
No products.
CWE
NVD-CWE-Other