Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5113

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2007-5113
Last Modified 15 Nov 2008 01:59:45
Published 26 Sep 2007 07:17:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-5113

Summary

report.cgi in Google Urchin allows remote attackers to bypass authentication and obtain sensitive information (web server logs) via certain modified query parameters, as demonstrated using the profile, rid, prefs, n, vid, bd, ed, dt, and gtype parameters, a different vulnerability than CVE-2007-5112.

Vulnerable Systems

Application

  • Roi Revolution Urchin 5.7.03


References

BID - 26037

MISC - http://websecurity.com.ua/1283/

MISC - http://ha.ckers.org/blog/20070823/xss-and-possible-information-disclosure-in-urchin/

BUGTRAQ - 20071010 Vulnerabilities digest

MISC - http://securityvulns.ru/Sdocument90.html


Last Updated: 27 May 2016 10:46:04