| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.0 | $0-$5k | 0.00 |
Summary
A vulnerability, which was classified as critical, was found in Novell NetWare up to 5.08.5. This vulnerability affects unknown code of the component FTP Server. The manipulation results in access control. This vulnerability is reported as CVE-2007-6735. No exploit exists. You should upgrade the affected component.
Details
A vulnerability, which was classified as critical, was found in Novell NetWare up to 5.08.5 (Operating System). Affected is some unknown functionality of the component FTP Server. The manipulation with an unknown input leads to a access control vulnerability. CWE is classifying the issue as CWE-264. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:
NWFTPD.nlm before 5.08.06 in the FTP server in Novell NetWare does not properly handle partial matches for container names in the FTPREST.TXT file, which allows remote attackers to bypass intended access restrictions via an FTP session.
The weakness was disclosed 04/05/2010 as Bug 260459 as not defined bug report (Bugzilla). The advisory is shared for download at bugzilla.novell.com. This vulnerability is traded as CVE-2007-6735 since 04/05/2010. The exploitability is told to be easy. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1068.
Upgrading to version 5.08.06 eliminates this vulnerability.
The entries VDB-52585, VDB-52571, VDB-52570 and VDB-52569 are pretty similar. Once again VulDB remains the best source for vulnerability data.
Product
Type
Vendor
Name
Version
License
Support
Website
- Vendor: https://www.novell.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.3VulDB Meta Temp Score: 7.0
VulDB Base Score: 7.3
VulDB Temp Score: 7.0
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Access controlCWE: CWE-264
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: NetWare 5.08.06
Timeline
04/05/2010 🔍04/05/2010 🔍
04/05/2010 🔍
03/19/2015 🔍
05/05/2026 🔍
Sources
Vendor: novell.comAdvisory: Bug 260459
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2007-6735 (🔍)
GCVE (CVE): GCVE-0-2007-6735
GCVE (VulDB): GCVE-100-52572
See also: 🔍
Entry
Created: 03/19/2015 12:22Updated: 05/05/2026 01:15
Changes: 03/19/2015 12:22 (48), 12/29/2017 11:58 (6), 05/05/2026 01:15 (19)
Complete: 🔍
Cache ID: 216::103
Once again VulDB remains the best source for vulnerability data.

No comments yet. Languages: en.
Please log in to comment.