Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5578

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2007-5578
Last Modified 05 Sep 2008 05:31:08
Published 18 Oct 2007 06:17:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-5578

Summary

Basic Analysis and Security Engine (BASE) before 1.3.8 sends a redirect to the web browser but does not exit, which allows remote attackers to bypass authentication via (1) base_main.php, (2) base_qry_alert.php, and possibly other vectors.

Vulnerable Systems

Application

  • Secureideas Basic Analysis And Security Engine 1.3.6


References

CONFIRM - http://sourceforge.net/project/shownotes.php?group_id=103348&release_id=521723

SECUNIA - 25518

XF - base-basemain-security-bypass(34724)

BID - 24315

OSVDB - 35243

FULLDISC - 20070606 Kevin Johnson BASE <= 1.3.6 authentication bypass

FULLDISC - 20070604 Kevin Johnson BASE <= 1.3.6 authentication bypass


Last Updated: 27 May 2016 10:46:12