CVE-2007-3008 - Vulnerability Details - OpenCVE

Mbedthis AppWeb before 2.2.2 enables the HTTP TRACE method, which has unspecified impact probably related to remote information leaks and cross-site tracing (XST) attacks, a related issue to CVE-2004-2320 and CVE-2005-3398.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mbedthis Software	Mbedthis Appweb Http Server

Configuration 1 [-]

OR	cpe:2.3:a:mbedthis_software:mbedthis_appweb_http_server:2.0.0:::::::*
	cpe:2.3:a:mbedthis_software:mbedthis_appweb_http_server:2.0.1:::::::*
	cpe:2.3:a:mbedthis_software:mbedthis_appweb_http_server:2.0.2:::::::*
	cpe:2.3:a:mbedthis_software:mbedthis_appweb_http_server:2.0.3:::::::*
	cpe:2.3:a:mbedthis_software:mbedthis_appweb_http_server:2.0.4:::::::*
	cpe:2.3:a:mbedthis_software:mbedthis_appweb_http_server:2.0.5:::::::*
	cpe:2.3:a:mbedthis_software:mbedthis_appweb_http_server:2.1.0:::::::*
	cpe:2.3:a:mbedthis_software:mbedthis_appweb_http_server:2.1.1:::::::*
	cpe:2.3:a:mbedthis_software:mbedthis_appweb_http_server:2.2.0:::::::*
	cpe:2.3:a:mbedthis_software:mbedthis_appweb_http_server:2.2.1:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/25636
http://www.appwebserver.org/forum/viewtopic.php?t=996
http://www.mbedthis.com/products/appWeb/doc/product/newFeatures.html
http://www.osvdb.org/35511
http://www.securityfocus.com/bid/24456
https://exchange.xforce.ibmcloud.com/vulnerabilities/34854

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-06-04T17:00:00

Updated: 2024-08-07T13:57:54.926Z

Reserved: 2007-06-04T00:00:00

Link: CVE-2007-3008

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-06-04T17:30:00.000

Modified: 2024-11-21T00:32:11.530

Link: CVE-2007-3008

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-05-24T00:00:00", "descriptions": [{"lang": "en", "value": "Mbedthis AppWeb before 2.2.2 enables the HTTP TRACE method, which has unspecified impact probably related to remote information leaks and cross-site tracing (XST) attacks, a related issue to CVE-2004-2320 and CVE-2005-3398."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.mbedthis.com/products/appWeb/doc/product/newFeatures.html"}, {"name": "mbedthis-httptrace-xss(34854)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34854"}, {"name": "24456", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/24456"}, {"name": "35511", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/35511"}, {"name": "25636", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25636"}, {"tags": ["x_refsource_MISC"], "url": "http://www.appwebserver.org/forum/viewtopic.php?t=996"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3008", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Mbedthis AppWeb before 2.2.2 enables the HTTP TRACE method, which has unspecified impact probably related to remote information leaks and cross-site tracing (XST) attacks, a related issue to CVE-2004-2320 and CVE-2005-3398."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.mbedthis.com/products/appWeb/doc/product/newFeatures.html", "refsource": "CONFIRM", "url": "http://www.mbedthis.com/products/appWeb/doc/product/newFeatures.html"}, {"name": "mbedthis-httptrace-xss(34854)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34854"}, {"name": "24456", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24456"}, {"name": "35511", "refsource": "OSVDB", "url": "http://www.osvdb.org/35511"}, {"name": "25636", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25636"}, {"name": "http://www.appwebserver.org/forum/viewtopic.php?t=996", "refsource": "MISC", "url": "http://www.appwebserver.org/forum/viewtopic.php?t=996"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T13:57:54.926Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.mbedthis.com/products/appWeb/doc/product/newFeatures.html"}, {"name": "mbedthis-httptrace-xss(34854)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34854"}, {"name": "24456", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/24456"}, {"name": "35511", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/35511"}, {"name": "25636", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25636"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.appwebserver.org/forum/viewtopic.php?t=996"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3008", "datePublished": "2007-06-04T17:00:00", "dateReserved": "2007-06-04T00:00:00", "dateUpdated": "2024-08-07T13:57:54.926Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mbedthis_software:mbedthis_appweb_http_server:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F033C9F0-7F7B-41A9-9F64-74E61738540A", "vulnerable": true}, {"criteria": "cpe:2.3:a:mbedthis_software:mbedthis_appweb_http_server:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E9D1ABC1-7BB1-450B-96A7-FCECC6ADEF5C", "vulnerable": true}, {"criteria": "cpe:2.3:a:mbedthis_software:mbedthis_appweb_http_server:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "EA0D3EAF-BC9E-4ADD-92CE-9CA29D1AD868", "vulnerable": true}, {"criteria": "cpe:2.3:a:mbedthis_software:mbedthis_appweb_http_server:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "5283B862-1325-49C7-961D-52BDD3616B33", "vulnerable": true}, {"criteria": "cpe:2.3:a:mbedthis_software:mbedthis_appweb_http_server:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "1381FB59-0520-4620-8B92-FDB3EDE4A5D7", "vulnerable": true}, {"criteria": "cpe:2.3:a:mbedthis_software:mbedthis_appweb_http_server:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "3CD4B710-951B-4CF3-9E34-D7AF33B4A25A", "vulnerable": true}, {"criteria": "cpe:2.3:a:mbedthis_software:mbedthis_appweb_http_server:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "33ECBD48-2547-4482-8AFD-96D08390A06E", "vulnerable": true}, {"criteria": "cpe:2.3:a:mbedthis_software:mbedthis_appweb_http_server:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "370B4D32-536C-4BC5-AF68-8851C3C8B55C", "vulnerable": true}, {"criteria": "cpe:2.3:a:mbedthis_software:mbedthis_appweb_http_server:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "76D650D5-588D-42A7-8ACF-37BEA78A7A8D", "vulnerable": true}, {"criteria": "cpe:2.3:a:mbedthis_software:mbedthis_appweb_http_server:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "54CB5569-3E74-4ADB-A286-E085717C00D7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Mbedthis AppWeb before 2.2.2 enables the HTTP TRACE method, which has unspecified impact probably related to remote information leaks and cross-site tracing (XST) attacks, a related issue to CVE-2004-2320 and CVE-2005-3398."}, {"lang": "es", "value": "Mbedthis AppWeb before 2.2.2 habilita el m\u00e9todo HTTP TRACE, el cual tiene un impacto desconocido probablemente relacionado con una filtraci\u00f3n informaci\u00f3n remota y ataques de trazado en sitios cruzados (XST) en CVE-2004-2320 y CVE-2005-3398."}], "id": "CVE-2007-3008", "lastModified": "2024-11-21T00:32:11.530", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-06-04T17:30:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/25636"}, {"source": "cve@mitre.org", "url": "http://www.appwebserver.org/forum/viewtopic.php?t=996"}, {"source": "cve@mitre.org", "url": "http://www.mbedthis.com/products/appWeb/doc/product/newFeatures.html"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/35511"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/24456"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34854"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/25636"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.appwebserver.org/forum/viewtopic.php?t=996"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mbedthis.com/products/appWeb/doc/product/newFeatures.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/35511"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/24456"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34854"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "The Apache Software Foundation do not treat this as a security issue. A configuration change can be made to disable the ability to respond to HTTP TRACE requests if required.\n\nFor more information please see:\nhttp://www.apacheweek.com/issues/03-01-24#news", "lastModified": "2008-03-05T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}