[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248268

 
 

909

 
 

195051

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2007-5578Date: (C)2007-10-18   (M)2023-12-22


Basic Analysis and Security Engine (BASE) before 1.3.8 sends a redirect to the web browser but does not exit, which allows remote attackers to bypass authentication via (1) base_main.php, (2) base_qry_alert.php, and possibly other vectors.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0031.html
http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063767.html
BID-24315
SECUNIA-25518
OSVDB-35243
base-basemain-security-bypass(34724)
http://sourceforge.net/project/shownotes.php?group_id=103348&release_id=521723

CPE    1
cpe:/a:secureideas:basic_analysis_and_security_engine:1.3.6
CWE    1
CWE-287

© SecPod Technologies