| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 3.8 | $0-$5k | 0.00 |
Summary
A vulnerability classified as problematic was found in activeWeb contentserver 5.6.2929. This affects an unknown part. The manipulation results in an unknown weakness. This vulnerability is reported as CVE-2007-3018. No exploit exists. Upgrading the affected component is advised.
Details
A vulnerability was found in activeWeb contentserver 5.6.2929. It has been classified as problematic. This is going to have an impact on integrity. CVE summarizes:
activeWeb contentserver CMS before 5.6.2964 does not limit the file-creation ability of editors who have restricted accounts, which allows these editors to create files in arbitrary directories.
The weakness was disclosed 07/13/2007 by RedTeam Pentesting with RedTeam Pentesting GmbH as confirmed posting (Bugtraq). The advisory is available at securityfocus.com. This vulnerability is traded as CVE-2007-3018 since 06/04/2007. The exploitability is told to be easy. It is possible to launch the attack remotely. The successful exploitation requires a authentication. The technical details are unknown and an exploit is not available.
Upgrading to version 5.6.2929 eliminates this vulnerability.
The vulnerability is also documented in the databases at X-Force (35400), SecurityFocus (BID 24900†), OSVDB (39746†) and Secunia (SA26063†). The entries VDB-37841, VDB-37821, VDB-85655 and VDB-85656 are pretty similar. If you want to get best quality of vulnerability data, you may have to visit VulDB.
Product
Vendor
Name
Version
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 4.3VulDB Meta Temp Score: 3.8
VulDB Base Score: 4.3
VulDB Temp Score: 3.8
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: UnknownCWE: Unknown
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Unproven
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: contentserver 5.6.2929
Timeline
06/04/2007 🔍07/13/2007 🔍
07/13/2007 🔍
07/16/2007 🔍
08/21/2007 🔍
03/15/2015 🔍
09/05/2018 🔍
Sources
Advisory: securityfocus.com⛔Researcher: RedTeam Pentesting
Organization: RedTeam Pentesting GmbH
Status: Confirmed
CVE: CVE-2007-3018 (🔍)
GCVE (CVE): GCVE-0-2007-3018
GCVE (VulDB): GCVE-100-37842
X-Force: 35400 - activeWeb contentserver CMS editor insecure permissions
SecurityFocus: 24900 - activeWeb contentserver Permissions Bypass Weakness
Secunia: 26063
OSVDB: 39746 - activeWeb contentserver Restricted Account Arbitrary File Creation
See also: 🔍
Entry
Created: 03/15/2015 15:58Updated: 09/05/2018 10:06
Changes: 03/15/2015 15:58 (59), 09/05/2018 10:06 (1)
Complete: 🔍
Cache ID: 216::103
If you want to get best quality of vulnerability data, you may have to visit VulDB.
No comments yet. Languages: en.
Please log in to comment.