CVE-2007-3816

high

Description

JWIG might allow context-dependent attackers to cause a denial of service (service degradation) via loops of references to external templates. NOTE: this issue has been disputed by multiple third parties who state that only the application developer can trigger the issue, so no privilege boundaries are crossed. However, it seems possible that this is a vulnerability class to which an JWIG application may be vulnerable if template contents can be influenced, but this would be an issue in the application itself, not JWIG

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/35515

http://www.securitytracker.com/id?1018432

http://www.securityfocus.com/bid/24974

http://www.securityfocus.com/archive/1/474474/100/200/threaded

http://www.securityfocus.com/archive/1/473707/100/0/threaded

http://www.secniche.org/papers/HackAnnotationsInJWIG.pdf

http://seclists.org/fulldisclosure/2007/Jul/0451.html

http://seclists.org/fulldisclosure/2007/Jul/0446.html

http://seclists.org/bugtraq/2007/Jul/0206.html

http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064933.html

http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064768.html

Details

Source: Mitre, NVD

Published: 2007-07-17

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High

EPSS

EPSS: 0.01781