NVD

Id
56999  
Name
CVE-2007-4909  
Description
Interpretation conflict in WinSCP before 4.0.4 allows remote attackers to perform arbitrary file transfers with a remote server via file-transfer commands in the final portion of a (1) scp, and possibly a (2) sftp or (3) ftp, URL, as demonstrated by a URL specifying login to the remote server with a username of scp, which is interpreted as an HTTP scheme name by the protocol handler in a web browser, but is interpreted as a username by WinSCP. NOTE: this is related to an incomplete fix for CVE-2006-3015.  
Reject
 
CVSS Version
2  
CVSS Score
9.3  
Severity
High  
CVSS Base Score
9.3  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:C/I:C/A:C)  
Pub Date
2017-01-07  
Published
2007-09-17  
Modified Date
2008-09-05  
Seq
2007-4909  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
290944 56999 CVE-2007-4909 3141  View
290945 56999 CVE-2007-4909 http://winscp.cvs.sourceforge.net/winscp/winscp3/core/SessionData.cpp?r1=1.29&r2=1.30  View
290946 56999 CVE-2007-4909 http://winscp.net/eng/docs/history/  View
290947 56999 CVE-2007-4909 20070913 WinSCP < 4.04 url protocol handler flaw  View
290948 56999 CVE-2007-4909 25655  View
290949 56999 CVE-2007-4909 1018697  View
290950 56999 CVE-2007-4909 winscp-scpsftp-command-execution(36591)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
57415 JVNDB-2007-006107 WinSCP におけるリモートサーバで任意のファイル転送を実行される脆弱性 WinSCP には、解釈の矛盾により、リモートサーバで任意のファイル転送を実行される脆弱性が存在します。 CVE-2007-4909 28264 CVE-2007-4909 56999 9.3 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-006107.html 2007-09-17 2012-12-20 View