[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248038

 
 

909

 
 

194772

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2007-4337Date: (C)2007-08-14   (M)2023-12-22


Multiple buffer overflows in the httplib_parse_sc_header function in lib/http.c in Streamripper before 1.62.2 allow remote attackers to execute arbitrary code via long (1) Location and (2) Server HTTP headers, a different vulnerability than CVE-2006-3124.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.8
Exploit Score: 8.6
Impact Score: 4.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECTRACK-1018553
http://www.securityfocus.com/archive/1/476302/100/0/threaded
BID-25278
SECUNIA-26406
SECUNIA-26814
SECUNIA-33052
SECUNIA-33061
OSVDB-39533
ADV-2007-2858
DSA-1683
GLSA-200709-03
http://sourceforge.net/project/shownotes.php?group_id=6172&release_id=531738
http://streamripper.cvs.sourceforge.net/streamripper/sripper_1x/lib/http.c?r1=1.38&r2=1.39

CWE    1
CWE-119
OVAL    1
oval:org.mitre.oval:def:8216

© SecPod Technologies