CVE-2008-7220

Unspecified vulnerability in Prototype JavaScript framework (prototypejs) before 1.6.0.2 allows attackers to make "cross-site ajax requests" via unknown vectors.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://github.com/sstephenson/prototype/blob/master/CHANGELOG	Release Notes Third Party Advisory
http://osvdb.org/46312	Broken Link
http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html	Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2019/May/10	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2019/May/11	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2019/May/13	Mailing List Third Party Advisory
http://secunia.com/advisories/37479	Third Party Advisory
http://secunia.com/advisories/37677	Third Party Advisory
http://www.debian.org/security/2009/dsa-1952	Third Party Advisory
http://www.openwall.com/lists/oss-security/2009/11/07/2	Mailing List Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=523277	Issue Tracking Patch Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=533137	Issue Tracking Not Applicable Third Party Advisory
https://lists.apache.org/thread.html/2ad48cd9d47edd0e677082eb869115809473a117e1e30b52fb511590%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/6d1b9a75a004dab42c81e8aa149d90e6fd26ce8cd6d71295e565e366%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/769fcc5f331b61c4d7ce16b807678e9a1799628d0146322e14aa24ed%40%3Cdev.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/7ba863c5a4a0f1230cba2d11cf4de3a2eda3a42e8023d4990f564327%40%3Cdev.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/eff7280055fc717ea8129cd28a9dd57b8446d00b36260c1caee10b87%40%3Cnotifications.zookeeper.apache.org%3E
https://seclists.org/bugtraq/2019/May/18	Issue Tracking Mailing List Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00789.html	Broken Link
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00838.html	Broken Link

Configurations

Configuration 1 (hide)

cpe:2.3:a:prototypejs:prototype:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:debian:debian_linux:5.0:::::::*
	cpe:2.3:o:debian:debian_linux:6.0:::::::*

History

27 Jul 2021, 17:31

Type	Values Removed	Values Added
CWE	~~NVD-CWE-Other~~	NVD-CWE-noinfo
References	~~(SECUNIA) http://secunia.com/advisories/37677 - Vendor Advisory~~	(SECUNIA) http://secunia.com/advisories/37677 - Third Party Advisory
References	~~(OSVDB) http://osvdb.org/46312 -~~	(OSVDB) http://osvdb.org/46312 - Broken Link
References	~~(FEDORA) https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00789.html -~~	(FEDORA) https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00789.html - Broken Link
References	~~(FEDORA) https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00838.html -~~	(FEDORA) https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00838.html - Broken Link
References	~~(DEBIAN) http://www.debian.org/security/2009/dsa-1952 -~~	(DEBIAN) http://www.debian.org/security/2009/dsa-1952 - Third Party Advisory
References	~~(MLIST) https://lists.apache.org/thread.html/6d1b9a75a004dab42c81e8aa149d90e6fd26ce8cd6d71295e565e366@%3Cissues.zookeeper.apache.org%3E -~~	(MLIST) https://lists.apache.org/thread.html/6d1b9a75a004dab42c81e8aa149d90e6fd26ce8cd6d71295e565e366@%3Cissues.zookeeper.apache.org%3E - Mailing List, Third Party Advisory
References	~~(FULLDISC) http://seclists.org/fulldisclosure/2019/May/10 -~~	(FULLDISC) http://seclists.org/fulldisclosure/2019/May/10 - Mailing List, Third Party Advisory
References	~~(FULLDISC) http://seclists.org/fulldisclosure/2019/May/13 -~~	(FULLDISC) http://seclists.org/fulldisclosure/2019/May/13 - Mailing List, Third Party Advisory
References	~~(MLIST) https://lists.apache.org/thread.html/2ad48cd9d47edd0e677082eb869115809473a117e1e30b52fb511590@%3Cissues.zookeeper.apache.org%3E -~~	(MLIST) https://lists.apache.org/thread.html/2ad48cd9d47edd0e677082eb869115809473a117e1e30b52fb511590@%3Cissues.zookeeper.apache.org%3E - Mailing List, Third Party Advisory
References	~~(MLIST) https://lists.apache.org/thread.html/eff7280055fc717ea8129cd28a9dd57b8446d00b36260c1caee10b87@%3Cnotifications.zookeeper.apache.org%3E -~~	(MLIST) https://lists.apache.org/thread.html/eff7280055fc717ea8129cd28a9dd57b8446d00b36260c1caee10b87@%3Cnotifications.zookeeper.apache.org%3E - Mailing List, Third Party Advisory
References	~~(CONFIRM) http://github.com/sstephenson/prototype/blob/master/CHANGELOG -~~	(CONFIRM) http://github.com/sstephenson/prototype/blob/master/CHANGELOG - Release Notes, Third Party Advisory
References	~~(CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=523277 -~~	(CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=523277 - Issue Tracking, Patch, Third Party Advisory
References	~~(FULLDISC) http://seclists.org/fulldisclosure/2019/May/11 -~~	(FULLDISC) http://seclists.org/fulldisclosure/2019/May/11 - Mailing List, Third Party Advisory
References	~~(MLIST) https://lists.apache.org/thread.html/7ba863c5a4a0f1230cba2d11cf4de3a2eda3a42e8023d4990f564327@%3Cdev.zookeeper.apache.org%3E -~~	(MLIST) https://lists.apache.org/thread.html/7ba863c5a4a0f1230cba2d11cf4de3a2eda3a42e8023d4990f564327@%3Cdev.zookeeper.apache.org%3E - Mailing List, Third Party Advisory
References	~~(CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=533137 -~~	(CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=533137 - Issue Tracking, Not Applicable, Third Party Advisory
References	~~(SECUNIA) http://secunia.com/advisories/37479 - Vendor Advisory~~	(SECUNIA) http://secunia.com/advisories/37479 - Third Party Advisory
References	~~(MLIST) http://www.openwall.com/lists/oss-security/2009/11/07/2 -~~	(MLIST) http://www.openwall.com/lists/oss-security/2009/11/07/2 - Mailing List, Third Party Advisory
References	~~(MISC) http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html -~~	(MISC) http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html - Third Party Advisory, VDB Entry
References	~~(MLIST) https://lists.apache.org/thread.html/769fcc5f331b61c4d7ce16b807678e9a1799628d0146322e14aa24ed@%3Cdev.zookeeper.apache.org%3E -~~	(MLIST) https://lists.apache.org/thread.html/769fcc5f331b61c4d7ce16b807678e9a1799628d0146322e14aa24ed@%3Cdev.zookeeper.apache.org%3E - Mailing List, Third Party Advisory
References	~~(BUGTRAQ) https://seclists.org/bugtraq/2019/May/18 -~~	(BUGTRAQ) https://seclists.org/bugtraq/2019/May/18 - Issue Tracking, Mailing List, Third Party Advisory
CPE	cpe:2.3:a:prototypejs:prototype_javascript_framework:1.5.1:::::::* cpe:2.3:a:prototypejs:prototype_javascript_framework:1.5.0:pre0:::::: cpe:2.3:a:prototypejs:prototype_javascript_framework:1.5.0:rc0:::::: cpe:2.3:a:prototypejs:prototype_javascript_framework:1.5.0:pre1:::::: cpe:2.3:a:prototypejs:prototype_javascript_framework:1.5.0:::::::* cpe:2.3:a:prototypejs:prototype_javascript_framework:1.6.0.1:rc1:::::: cpe:2.3:a:prototypejs:prototype_javascript_framework:1.6.0.1:rc0:::::: cpe:2.3:a:prototypejs:prototype_javascript_framework:::::::: cpe:2.3:a:prototypejs:prototype_javascript_framework:1.5.0:rc2::::::	cpe:2.3:a:prototypejs:prototype:::::::: cpe:2.3:o:debian:debian_linux:6.0:::::::* cpe:2.3:o:debian:debian_linux:5.0:::::::*

Information

Published : 2009-09-13 22:30

Updated : 2024-02-04 17:33

NVD link : CVE-2008-7220

Mitre link : CVE-2008-7220

CVE.ORG link : CVE-2008-7220

JSON object : View

Products Affected

prototypejs

prototype

debian

debian_linux

CWE

NVD-CWE-noinfo

{"id": "CVE-2008-7220", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": true, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-09-13T22:30:00.453", "references": [{"url": "http://github.com/sstephenson/prototype/blob/master/CHANGELOG", "tags": ["Release Notes", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://osvdb.org/46312", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://seclists.org/fulldisclosure/2019/May/10", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://seclists.org/fulldisclosure/2019/May/11", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://seclists.org/fulldisclosure/2019/May/13", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/37479", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/37677", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2009/dsa-1952", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2009/11/07/2", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=523277", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=533137", "tags": ["Issue Tracking", "Not Applicable", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://lists.apache.org/thread.html/2ad48cd9d47edd0e677082eb869115809473a117e1e30b52fb511590%40%3Cissues.zookeeper.apache.org%3E", "source": "cve@mitre.org"}, {"url": "https://lists.apache.org/thread.html/6d1b9a75a004dab42c81e8aa149d90e6fd26ce8cd6d71295e565e366%40%3Cissues.zookeeper.apache.org%3E", "source": "cve@mitre.org"}, {"url": "https://lists.apache.org/thread.html/769fcc5f331b61c4d7ce16b807678e9a1799628d0146322e14aa24ed%40%3Cdev.zookeeper.apache.org%3E", "source": "cve@mitre.org"}, {"url": "https://lists.apache.org/thread.html/7ba863c5a4a0f1230cba2d11cf4de3a2eda3a42e8023d4990f564327%40%3Cdev.zookeeper.apache.org%3E", "source": "cve@mitre.org"}, {"url": "https://lists.apache.org/thread.html/eff7280055fc717ea8129cd28a9dd57b8446d00b36260c1caee10b87%40%3Cnotifications.zookeeper.apache.org%3E", "source": "cve@mitre.org"}, {"url": "https://seclists.org/bugtraq/2019/May/18", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00789.html", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00838.html", "tags": ["Broken Link"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Prototype JavaScript framework (prototypejs) before 1.6.0.2 allows attackers to make \"cross-site ajax requests\" via unknown vectors."}, {"lang": "es", "value": "Vulnerabilidad sin especificar en Prototype JavaScript Framework (prototypejs) anterior a v1.6.0.2, permite a atacantes remotos realizar \"peticiones ajax en sitios cruzados\" a trav\u00e9s de vectores desconocidos."}], "lastModified": "2023-11-07T02:03:29.127", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:prototypejs:prototype:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78E4C4B0-7FA1-4DEE-A96A-A2A93E8E1DA2", "versionEndExcluding": "1.6.0.2"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639"}, {"criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}