CVE-2007-0019

Multiple heap-based buffer overflows in rumpusd in Rumpus 5.1 and earlier (1) allow remote authenticated users to execute arbitrary code via a long LIST command and other unspecified requests to the FTP service, and (2) allow remote attackers to execute arbitrary code via unspecified requests to the HTTP service.

CVSS v2.0 6.5 MEDIUM

6.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://osvdb.org/32689
http://osvdb.org/32692
http://projects.info-pull.com/moab/MOAB-18-01-2007.html	Exploit Vendor Advisory
http://secunia.com/advisories/23842
https://exchange.xforce.ibmcloud.com/vulnerabilities/31594

Configurations

Configuration 1 (hide)

cpe:2.3:a:maxum_development_corporation:rumpus_ftp_server:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2007-01-19 21:28

Updated : 2024-02-04 17:13

NVD link : CVE-2007-0019

Mitre link : CVE-2007-0019

CVE.ORG link : CVE-2007-0019

JSON object : View

Products Affected

maxum_development_corporation

rumpus_ftp_server

CWE

NVD-CWE-Other

{"id": "CVE-2007-0019", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2007-01-19T21:28:00.000", "references": [{"url": "http://osvdb.org/32689", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/32692", "source": "cve@mitre.org"}, {"url": "http://projects.info-pull.com/moab/MOAB-18-01-2007.html", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/23842", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31594", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple heap-based buffer overflows in rumpusd in Rumpus 5.1 and earlier (1) allow remote authenticated users to execute arbitrary code via a long LIST command and other unspecified requests to the FTP service, and (2) allow remote attackers to execute arbitrary code via unspecified requests to the HTTP service."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer basado en pila en rumpusd en Rumpus 5.1 y anteriores (1) permiten a un usuario validado ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un comando LIST y otras respuestas no especificadas al servicio FTP, y (2) permiten a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de respuestas no especificadas al servicio HTTP."}], "lastModified": "2017-07-29T01:29:54.437", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:maxum_development_corporation:rumpus_ftp_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1196B49-E96E-481F-AC0F-7C582740AEA0", "versionEndIncluding": "5.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}