1. CVE-Search
  2. CVE-2007-2197
ID CVE-2007-2197
Summary Race condition in the NeatUpload ASP.NET component 1.2.11 through 1.2.16, 1.1.18 through 1.1.23, and trunk.379 through trunk.445 allows remote attackers to obtain other clients' HTTP responses via multiple simultaneous requests, which triggers multiple calls to HttpWorkerRequest.FlushResponse for the same HttpWorkerRequest object and causes a buffer to be reused for a different request.
References
Vulnerable Configurations
  • cpe:2.3:a:brettle_development:neatupload:1.1.18:*:*:*:*:*:*:*
    cpe:2.3:a:brettle_development:neatupload:1.1.18:*:*:*:*:*:*:*
  • cpe:2.3:a:brettle_development:neatupload:1.1.19:*:*:*:*:*:*:*
    cpe:2.3:a:brettle_development:neatupload:1.1.19:*:*:*:*:*:*:*
  • cpe:2.3:a:brettle_development:neatupload:1.1.20:*:*:*:*:*:*:*
    cpe:2.3:a:brettle_development:neatupload:1.1.20:*:*:*:*:*:*:*
  • cpe:2.3:a:brettle_development:neatupload:1.1.21:*:*:*:*:*:*:*
    cpe:2.3:a:brettle_development:neatupload:1.1.21:*:*:*:*:*:*:*
  • cpe:2.3:a:brettle_development:neatupload:1.1.22:*:*:*:*:*:*:*
    cpe:2.3:a:brettle_development:neatupload:1.1.22:*:*:*:*:*:*:*
  • cpe:2.3:a:brettle_development:neatupload:1.1.23:*:*:*:*:*:*:*
    cpe:2.3:a:brettle_development:neatupload:1.1.23:*:*:*:*:*:*:*
  • cpe:2.3:a:brettle_development:neatupload:1.2.11:*:*:*:*:*:*:*
    cpe:2.3:a:brettle_development:neatupload:1.2.11:*:*:*:*:*:*:*
  • cpe:2.3:a:brettle_development:neatupload:1.2.12:*:*:*:*:*:*:*
    cpe:2.3:a:brettle_development:neatupload:1.2.12:*:*:*:*:*:*:*
  • cpe:2.3:a:brettle_development:neatupload:1.2.13:*:*:*:*:*:*:*
    cpe:2.3:a:brettle_development:neatupload:1.2.13:*:*:*:*:*:*:*
  • cpe:2.3:a:brettle_development:neatupload:1.2.14:*:*:*:*:*:*:*
    cpe:2.3:a:brettle_development:neatupload:1.2.14:*:*:*:*:*:*:*
  • cpe:2.3:a:brettle_development:neatupload:1.2.15:*:*:*:*:*:*:*
    cpe:2.3:a:brettle_development:neatupload:1.2.15:*:*:*:*:*:*:*
  • cpe:2.3:a:brettle_development:neatupload:1.2.16:*:*:*:*:*:*:*
    cpe:2.3:a:brettle_development:neatupload:1.2.16:*:*:*:*:*:*:*
  • cpe:2.3:a:brettle_development:neatupload:trunk.379:*:*:*:*:*:*:*
    cpe:2.3:a:brettle_development:neatupload:trunk.379:*:*:*:*:*:*:*
  • cpe:2.3:a:brettle_development:neatupload:trunk.380:*:*:*:*:*:*:*
    cpe:2.3:a:brettle_development:neatupload:trunk.380:*:*:*:*:*:*:*
  • cpe:2.3:a:brettle_development:neatupload:trunk.381:*:*:*:*:*:*:*
    cpe:2.3:a:brettle_development:neatupload:trunk.381:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 16-10-2018 - 16:42)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
refmap via4
bid 23578
bugtraq 20070420 NeatUpload vulnerability and fix
secunia 25003
xf neatupload-responses-information-disclosure(33785)
Last major update 16-10-2018 - 16:42
Published 24-04-2007 - 17:19
Last modified 16-10-2018 - 16:42
Back to Top