OPeNDAP BES 3.4.2 privileges management

A vulnerability was found in OPeNDAP BES 3.4.2. It has been classified as critical. This affects an unknown function. Upgrading to version 3.5.0 eliminates this vulnerability.

| Field | 03/13/2015 02:56 PM | 09/02/2018 10:56 AM |
|---|---|---|
| cvss3_vuldb_rl | O | O |
| cvss3_vuldb_rc | C | C |
| cvss3_vuldb_av | N | N |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_pr | N | N |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_c | L | L |
| cvss3_vuldb_i | L | L |
| cvss3_vuldb_a | L | L |
| vendor | OPeNDAP | OPeNDAP |
| name | BES | BES |
| version | 3.4.2 | 3.4.2 |
| risk | 2 | 2 |
| cvss2_vuldb_basescore | 7.5 | 7.5 |
| cvss2_vuldb_tempscore | 5.5 | 5.5 |
| cvss2_vuldb_av | N | N |
| cvss2_vuldb_ac | L | L |
| cvss2_vuldb_au | N | N |
| cvss2_vuldb_ci | P | P |
| cvss2_vuldb_ii | P | P |
| cvss2_vuldb_ai | P | P |
| cvss3_meta_basescore | 7.3 | 7.3 |
| cvss3_meta_tempscore | 6.4 | 6.4 |
| cvss3_vuldb_basescore | 7.3 | 7.3 |
| cvss3_vuldb_tempscore | 6.4 | 6.4 |
| date | 1179751726 (05/21/2007) | 1179751726 (05/21/2007) |
| location | CERT.org | CERT.org |
| type | Advisory | Advisory |
| url | http://www.kb.cert.org/vuls/id/659148 | http://www.kb.cert.org/vuls/id/659148 |
| confirm_url | http://www.opendap.org/security.html | http://www.opendap.org/security.html |
| price_0day | $0-$5k | $0-$5k |
| name | Upgrade | Upgrade |
| upgrade_version | 3.5.0 | 3.5.0 |
| cve | CVE-2007-2769 | CVE-2007-2769 |
| cve_assigned | 1179705600 | 1179705600 |
| cve_nvd_published | 1179705600 | 1179705600 |
| cve_nvd_summary | BES before 3.5.0 in OPeNDAP 4 (Hydrax) before 1.2.1 does not properly handle compressed files, which allows remote attackers to upload arbitrary files or execute arbitrary commands via a crafted compressed file. | BES before 3.5.0 in OPeNDAP 4 (Hydrax) before 1.2.1 does not properly handle compressed files, which allows remote attackers to upload arbitrary files or execute arbitrary commands via a crafted compressed file. |
| osvdb | 35487 | 35487 |
| osvdb_create | 1179751742 | 1179751742 |
| osvdb_title | OPeNDAP BES Crafted Compressed File Arbitrary File Execution | OPeNDAP BES Crafted Compressed File Arbitrary File Execution |
| secunia | 25319 | 25319 |
| secunia_date | 1179705600 (05/21/2007) | 1179705600 (05/21/2007) |
| secunia_title | OPeNDAP BES Software File Enumeration and Command Execution Vulnerabilities | OPeNDAP BES Software File Enumeration and Command Execution Vulnerabilities |
| secunia_risk | Highly Critical | Highly Critical |
| securityfocus | 24055 | 24055 |
| securityfocus_date | 1179446400 (05/18/2007) | 1179446400 (05/18/2007) |
| securityfocus_class | Input Validation Error | Input Validation Error |
| securityfocus_title | OPeNDAP BES Compressed Files Remote Command Execution Vulnerability | OPeNDAP BES Compressed Files Remote Command Execution Vulnerability |
| vupen | ADV-2007-1887 | ADV-2007-1887 |
| xforce | 34408 | 34408 |
| xforce_title | OPeNDAP BES and Hyrax compressed file code execution | OPeNDAP BES and Hyrax compressed file code execution |
| xforce_identifier | opendap-beshyrax-compressed-code-execution | opendap-beshyrax-compressed-code-execution |
| seealso | 36895 | 36895 |
| cwe | 269 (privilege escalation) | 269 (privilege escalation) |
| cvss3_vuldb_ui | N | N |
| cvss2_vuldb_e | U | U |
| cvss2_vuldb_rl | OF | OF |
| cvss2_vuldb_rc | C | C |
| cvss3_vuldb_e | U | U |

Fields listed with a single value:

| Field | Value |
|---|---|
| cvss2_nvd_av | N |
| cvss2_nvd_ac | L |
| cvss2_nvd_au | N |
| cvss2_nvd_ci | P |
| cvss2_nvd_ii | P |
| cvss2_nvd_ai | P |
| person_nickname | CIRT |
