Vulnerability Details: CVE-2007-1362
Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to cause a denial of service via (1) a large cookie path parameter, which triggers memory consumption, or (2) an internal delimiter within cookie path or name values, which could trigger a misinterpretation of cookie data, aka "Path Abuse in Cookies."
Vulnerability category: Denial of service
Products affected by CVE-2007-1362
- cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-1362
- EPSS score: 44.57% (probability of exploitation activity in the next 30 days)
- Percentile: ~97% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2007-1362
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P | 8.6 | 2.9 | NIST | |
CWE ids for CVE-2007-1362
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-1362
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:126
- http://www.redhat.com/support/errata/RHSA-2007-0401.html
  Support
- http://www.ubuntu.com/usn/usn-468-1
- http://www.redhat.com/support/errata/RHSA-2007-0400.html
- http://www.redhat.com/support/errata/RHSA-2007-0402.html
  Support
- http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857
  The Slackware Linux Project: Slackware Security Advisories
- http://secunia.com/advisories/25635
- http://www.securitytracker.com/id?1018162
- http://secunia.com/advisories/25490
- http://www.securityfocus.com/bid/24242
- http://www.securitytracker.com/id?1018163
- http://www.debian.org/security/2007/dsa-1306
- http://www.securityfocus.com/archive/1/470172/100/200/threaded
- http://secunia.com/advisories/25534
- http://secunia.com/advisories/25559
- http://www.osvdb.org/35139
- http://www.debian.org/security/2007/dsa-1300
  [SECURITY] [DSA 1300-1] New iceape packages fix several vulnerabilities
- http://secunia.com/advisories/25750
- http://www.debian.org/security/2007/dsa-1308
- http://secunia.com/advisories/25533
- http://secunia.com/advisories/25476
- http://www.securityfocus.com/bid/22879
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34613
- http://www.mozilla.org/security/announce/2007/mfsa2007-14.html
  Patch
- http://www.vupen.com/english/advisories/2007/1994
- http://osvdb.org/35140
- http://www.novell.com/linux/security/advisories/2007_36_mozilla.html
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:120
- http://secunia.com/advisories/25858
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
- http://secunia.com/advisories/25647
- http://security.gentoo.org/glsa/glsa-200706-06.xml
  Mozilla products: Multiple vulnerabilities (GLSA 200706-06) — Gentoo security
- http://www.us-cert.gov/cas/techalerts/TA07-151A.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10759
- https://issues.rpath.com/browse/RPL-1424
- http://secunia.com/advisories/25685