Vulnerability Details : CVE-2007-3816
JWIG might allow context-dependent attackers to cause a denial of service (service degradation) via loops of references to external templates. NOTE: this issue has been disputed by multiple third parties who state that only the application developer can trigger the issue, so no privilege boundaries are crossed. However, it seems possible that this is a vulnerability class to which a JWIG application may be vulnerable if template contents can be influenced, but this would be an issue in the application itself, not JWIG.
Vulnerability category: Denial of service
Products affected by CVE-2007-3816
- cpe:2.3:a:brics:jwig:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-3816
- EPSS score: 13.42% (probability of exploitation activity in the next 30 days)
- Percentile: ~96% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2007-3816
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8 | HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C | 10.0 | 6.9 | NIST | |
References for CVE-2007-3816
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064933.html ([Full-Disclosure] Mailing List Charter)
- http://www.securitytracker.com/id?1018432 (www.securitytracker.com)
- http://www.securityfocus.com/archive/1/474474/100/200/threaded
- http://www.securityfocus.com/bid/24974
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35515 (JWIG external template denial of service CVE-2007-3816 Vulnerability Report)
- http://www.secniche.org/papers/HackAnnotationsInJWIG.pdf
- http://seclists.org/bugtraq/2007/Jul/0206.html (Bugtraq: [CVE-2007-3816][Advisory] JWIG Context-Dependent Template Calling Dos)
- http://seclists.org/fulldisclosure/2007/Jul/0451.html (Full Disclosure: Re: [CVE 2007-3816] [Advisory] Vulnerability Facts Related JWIG Advisory)
- http://seclists.org/fulldisclosure/2007/Jul/0446.html (Full Disclosure: [CVE 2007-3816] [Advisory] Vulnerability Facts Related JWIG Advisory)
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064768.html ([Full-Disclosure] Mailing List Charter)
- http://www.securityfocus.com/archive/1/473707/100/0/threaded