CVE-2007-0184

{"id": "CVE-2007-0184", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2007-01-12T05:04:00.000", "references": [{"url": "http://getahead.ltd.uk/dwr/changelog", "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/32657", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/23641", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/21955", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/0095", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31377", "source": "cve@mitre.org"}, {"url": "http://getahead.ltd.uk/dwr/changelog", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/32657", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/23641", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/21955", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2007/0095", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31377", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to obtain unauthorized access to public methods via a crafted request that bypasses the include/exclude checks."}, {"lang": "es", "value": "Getahead Direct Web Remoting (DWR) versiones anteriores a 1.1.4 permite a atacantes obtener acceso no autorizado a m\u00e9todos p\u00fablicos mediante una petici\u00f3n manipulada que evita las comprobaciones include/exclude."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:getahead:direct_web_remoting:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B67B484-28E5-4BDE-8A6C-B75A19F56182", "versionEndIncluding": "1.1.3"}, {"criteria": "cpe:2.3:a:getahead:direct_web_remoting:0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52977FDE-0275-4BF1-8C42-95F04B7715E7"}, {"criteria": "cpe:2.3:a:getahead:direct_web_remoting:0.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4650E594-D2AB-45E9-9D3D-5CB02A23B206"}, {"criteria": "cpe:2.3:a:getahead:direct_web_remoting:0.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B7385D94-4E21-4243-B8AD-631161618E83"}, {"criteria": "cpe:2.3:a:getahead:direct_web_remoting:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC5372F5-047F-4EFC-AD71-BFA4D442927E"}, {"criteria": "cpe:2.3:a:getahead:direct_web_remoting:1.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "71E1BE4C-CBCF-4AEE-9118-D2A9631E3555"}, {"criteria": "cpe:2.3:a:getahead:direct_web_remoting:1.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4F4C1ACF-0F37-4C8C-9D6C-09A40CD96F4D"}, {"criteria": "cpe:2.3:a:getahead:direct_web_remoting:1.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02E1927F-7837-426B-B294-4C3A650C9802"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}