Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2007-4723
Last Modified 30 Aug 2013 08:51:12
Published 05 Sep 2007 03:17:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-4723

Summary

Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.

Vulnerable Systems

Application

  • Apache HTTP Server

  • Jasio.net Ragnarok Online Control Panel 4.3.4a


References

BUGTRAQ - 20070831 Ragnarok Online Control Panel Authentication Bypass Vulnerability [new method]

OSVDB - 45879

SREASON - 3100


Last Updated: 27 May 2016 10:45:57