Vulnerability Details : CVE-2007-6314
Potential exploit
BarracudaDrive Web Server before 3.8 allows remote attackers to read the source code for web scripts by appending a (1) + (plus), (2) . (dot), or (3) %80 and similar characters to the file name in the URL.
Products affected by CVE-2007-6314
- cpe:2.3:a:real_time_logic:barracudadrive_web_server:3.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:real_time_logic:barracudadrive_web_server_home_server:3.7.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-6314
11.30%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 93 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-6314
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2007-6314
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-6314
-
http://aluigi.altervista.org/adv/barradrive-adv.txt
Exploit
-
http://securityreason.com/securityalert/3434
-
http://www.securityfocus.com/bid/26805
Exploit;Patch
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/38972
-
http://secunia.com/advisories/28032
Vendor Advisory
-
http://www.securityfocus.com/archive/1/484833/100/0/threaded
Jump to