CVE-2007-5113

Severity: High

Description

report.cgi in Google Urchin allows remote attackers to bypass authentication and obtain sensitive information (web server logs) via certain modified query parameters, as demonstrated using the profile, rid, prefs, n, vid, bd, ed, dt, and gtype parameters, a different vulnerability than CVE-2007-5112.

References

http://www.securityfocus.com/bid/26037

http://www.securityfocus.com/archive/1/482006/100/0/threaded

http://websecurity.com.ua/1283/

http://securityvulns.ru/Sdocument90.html

http://ha.ckers.org/blog/20070823/xss-and-possible-information-disclosure-in-urchin/

Details

Source: Mitre, NVD

Published: 2007-09-26

Updated: 2018-10-15

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High