CVE-2007-2769 : BES before 3.5.0 in OPeNDAP 4 (Hydrax) before 1.2.1 does not properly handle compressed files, which allows remote attac

BES before 3.5.0 in OPeNDAP 4 (Hydrax) before 1.2.1 does not properly handle compressed files, which allows remote attackers to upload arbitrary files or execute arbitrary commands via a crafted compressed file.

Published 2007-05-21 20:30:00

Updated 2017-07-29 01:31:43

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2007-2769

Probability of exploitation activity in the next 30 days: 1.70%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 87 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2007-2769

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2007-2769

https://exchange.xforce.ibmcloud.com/vulnerabilities/34408
http://www.securityfocus.com/bid/24055

Patch
http://www.vupen.com/english/advisories/2007/1887

CVEs referencing this url
http://www.opendap.org/security.html

Patch

CVEs referencing this url
http://www.kb.cert.org/vuls/id/659148

Patch;US Government Resource

Products affected by CVE-2007-2769

Opendap » Hyrax » Version: 1.2
cpe:2.3:a:opendap:hyrax:1.2:*:*:*:*:*:*:*
Matching versions
Opendap » BES
Versions up to, including, (<=) 3.4.2
cpe:2.3:a:opendap:bes:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2007-2769

Exploit prediction scoring system (EPSS) score for CVE-2007-2769

CVSS scores for CVE-2007-2769

References for CVE-2007-2769

Products affected by CVE-2007-2769