CVE

Id
26365  
CVE No.
CVE-2007-3008  
Status
Candidate  
Description
Mbedthis AppWeb before 2.2.2 enables the HTTP TRACE method, which has unspecified impact probably related to remote information leaks and cross-site tracing (XST) attacks, a related issue to CVE-2004-2320 and CVE-2005-3398.  
Phase
Assigned (20070604)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
267026 26365 CVE-2007-3008 MISC:http://www.appwebserver.org/forum/viewtopic.php?t=996  View
267027 26365 CVE-2007-3008 CONFIRM:http://www.mbedthis.com/products/appWeb/doc/product/newFeatures.html  View
267028 26365 CVE-2007-3008 BID:24456  View
267029 26365 CVE-2007-3008 URL:http://www.securityfocus.com/bid/24456  View
267030 26365 CVE-2007-3008 OSVDB:35511  View
267031 26365 CVE-2007-3008 URL:http://www.osvdb.org/35511  View
267032 26365 CVE-2007-3008 SECUNIA:25636  View
267033 26365 CVE-2007-3008 URL:http://secunia.com/advisories/25636  View
267034 26365 CVE-2007-3008 XF:mbedthis-httptrace-xss(34854)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
53436 JVNDB-2007-002128 Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server の masterCGI における任意のコマンドを実行される脆弱性 Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server の masterCGI には、任意のコマンドを実行される脆弱性が存在します。 CVE-2007-3010 26365 10 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-002128.html  View