Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4494

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2007-4494
Last Modified 27 Jul 2015 02:36:32
Published 22 Aug 2007 09:17:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-4494

Summary

The tipafriend function in eZ publish before 3.8.9, and 3.9 before 3.9.3, does not limit access by anonymous users, which allows remote attackers to conduct spam attacks.

Vulnerable Systems

Application

  • Ez Publish 3.8.8

  • Ez Publish 3.9.0

  • Ez Publish 3.9.1

  • Ez Publish 3.9.2

  • Ez Systems Ez Publish 3.8.8

  • Ez Systems Ez Publish 3.9.0

  • Ez Systems Ez Publish 3.9.1

  • Ez Systems Ez Publish 3.9.2


References

CONFIRM - http://ez.no/download/ez_publish/changelogs/ez_publish_3_9/changelog_3_9_2_to_3_9_3

OSVDB - 40325

CONFIRM - http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_8_8_to_3_8_9

CONFIRM - http://ez.no/community/news/ez_publish_security_fixes_3_9_3_and_3_8_9

BID - 25538

SECUNIA - 26686


Last Updated: 27 May 2016 10:42:38