CVE-2007-2726

{"id": "CVE-2007-2726", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-05-16T22:30:00.000", "references": [{"url": "http://osvdb.org/39767", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/23993", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34344", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/3929", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/39767", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/23993", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34344", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.exploit-db.com/exploits/3929", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "BitsCast 0.13.0 allows remote attackers to cause a denial of service (application crash) via an RSS 2.0 feed item with certain invalid strings in a pubDate element, as demonstrated by repeated \"../A\" or \"A/../\" patterns."}, {"lang": "es", "value": "BitsCast 0.13.0 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) mediante un \u00edtem de un feed RSS 2.0 con ciertas cadenas inv\u00e1lidas en un elemento pubDate, como ha sido demostrado con patrones \"../A\" o \"A/../\" repetidos."}], "lastModified": "2024-11-21T00:31:30.373", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:bitscast:bitscast:0.13.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93A71E85-93E7-4AB0-B619-85BB123C2580"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}