CVE-2007-1178 - WebAPP before 0.9.9.5 does not check access in certain contexts related to (1) Calendar Administrati

CVE-2007-1178

Summary

WebAPP before 0.9.9.5 does not check access in certain contexts related to (1) Calendar Administration, (2) Instant Messages Administration, and (3) the Image Uploader, which has unknown impact and attack vectors.

References

http://osvdb.org/33279
http://osvdb.org/33282
http://secunia.com/advisories/24080
http://www.securityfocus.com/bid/22563
http://www.vupen.com/english/advisories/2007/0604
http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=250

Vulnerable Configurations

cpe:2.3:a:web-app.org:webapp:*:*:*:*:*:*:*:*
cpe:2.3:a:web-app.org:webapp:*:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 08-03-2011 - 02:51)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	22563
confirm	http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=250
osvdb	33279 33282
secunia	24080
vupen	ADV-2007-0604

Last major update

08-03-2011 - 02:51

Published

02-03-2007 - 21:18

Last modified

08-03-2011 - 02:51