Vulnerability Details : CVE-2007-0432
BEA AquaLogic Service Bus 2.0, 2.1, and 2.5 does not properly reject malformed request messages to a proxy service, which might allow remote attackers to bypass authorization policies and route requests to back-end services or conduct other unauthorized activities.
Products affected by CVE-2007-0432
- cpe:2.3:a:bea:aqualogic_service_bus:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:bea:aqualogic_service_bus:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:bea:aqualogic_service_bus:2.5:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-0432
0.35%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 55 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-0432
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2007-0432
-
http://securitytracker.com/id?1017523
Vendor Advisory
-
http://www.securityfocus.com/bid/22082
-
http://secunia.com/advisories/23786
Vendor Advisory
-
http://osvdb.org/32862
-
http://dev2dev.bea.com/pub/advisory/224
Vendor Advisory
Jump to