1. CVE-Search
  2. CVE-2007-0938
ID CVE-2007-0938
Summary Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 does not properly handle certain characters in a crafted HTTP GET request, which allows remote attackers to execute arbitrary code, aka the "CMS Memory Corruption Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:content_management_server:2001:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:content_management_server:2001:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:content_management_server:2002:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:content_management_server:2002:sp2:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 16-10-2018 - 16:35)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
oval via4
accepted 2015-08-10T04:00:23.525-04:00
class vulnerability
contributors
  • name Robert L. Hollis
    organization ThreatGuard, Inc.
  • name Josh Turpin
    organization Symantec Corporation
  • name Maria Mikhno
    organization ALTX-SOFT
  • name Maria Mikhno
    organization ALTX-SOFT
definition_extensions
  • comment Microsoft Content Management Server 2001 is installed
    oval oval:org.mitre.oval:def:29083
  • comment Microsoft Content Management Server 2001 Service Pack 1 is installed
    oval oval:org.mitre.oval:def:1631
  • comment Microsoft Content Management Server 2002 is installed
    oval oval:org.mitre.oval:def:29122
  • comment Microsoft Content Management Server 2002 Service Pack 2 is installed
    oval oval:org.mitre.oval:def:1937
description Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 does not properly handle certain characters in a crafted HTTP GET request, which allows remote attackers to execute arbitrary code, aka the "CMS Memory Corruption Vulnerability."
family windows
id oval:org.mitre.oval:def:2001
status accepted
submitted 2007-04-11T08:08:51
title CMS Memory Corruption Vulnerability
version 13
refmap via4
bid 22861
cert-vn VU#434137
hp
  • HPSBST02208
  • SSRT071365
osvdb 34006
sectrack 1017894
secunia 24819
vupen ADV-2007-1322
xf mcms-http-get-code-execution(32736)
Last major update 16-10-2018 - 16:35
Published 10-04-2007 - 21:19
Last modified 16-10-2018 - 16:35
Back to Top