CVE-2007-3423
First published: Tue Jun 26 2007(Updated: )
cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the From field of an instant message as the beginning of the .dat file name when the (1) imview2 or (2) imview3 function reads (a) an internal IM, or a message from a (b) guest or (c) removed member, which has unknown impact and remote attack vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WebAPP | <=0.9.9.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2007-3423?
CVE-2007-3423 is considered to have an unknown severity as its impact is not clearly defined.
How do I fix CVE-2007-3423?
To fix CVE-2007-3423, upgrade to WebAPP version 0.9.9.7 or later.
What vulnerabilities does CVE-2007-3423 exploit?
CVE-2007-3423 exploits the handling of the From field in instant messages to create unintended file names.
Which versions of WebAPP are affected by CVE-2007-3423?
WebAPP versions prior to 0.9.9.7 are affected by CVE-2007-3423.
Is CVE-2007-3423 related to file security?
Yes, CVE-2007-3423 is related to file security as it involves the use of user input to influence file names.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/remedy
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/web-app.org
- canonical/webapp
- version/webapp/0.9.9.6