Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 4.3
CVE Id: CVE-2007-5934
Last Modified: 07 Mar 2011 10:01:31
Published: 13 Nov 2007 05:46:00
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2007-5934

Summary

The LOB functionality in PEAR MDB2 before 2.5.0a1 interprets a request to store a URL string as a request to retrieve and store the contents of the URL, which might allow remote attackers to use MDB2 as an indirect proxy or obtain sensitive information by entering a URL into a form field in an MDB2 application, as demonstrated by a file:// URL or a URL for an intranet web site.

Vulnerable Systems

Application

  • Pear Structures Datagrid Datasource Mdb2 2.5.0


References

VUPEN - ADV-2007-3806

BID - 26382

SECUNIA - 27572

CONFIRM - http://pear.php.net/package/MDB2/download/2.5.0a1

CONFIRM - http://pear.php.net/bugs/bug.php?id=10024

OSVDB - 42107

MLIST - [PEAR-CVS] 20070503 cvs: pear /MDB2 MDB2.php package.php /MDB2/MDB2/Driver mysql.php mysqli.php oci8.php pgs

FEDORA - FEDORA-2007-3369

GENTOO - GLSA-200712-05

SECUNIA - 27983

SECUNIA - 27626

CONFIRM - http://bugs.gentoo.org/show_bug.cgi?id=198446


Last Updated: 27 May 2016 10:46:20