CVE-2007-3008 — Cross-site Scripting in Software Mbedthis Appweb Http Server

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

4.3MEDIUMNVD

CNA5.8

EPSS

0.9%

top 25.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mbedthis Software Mbedthis Appweb Http Server

Timeline

PublishedJun 4

Latest updateMay 1

Description

Mbedthis AppWeb before 2.2.2 enables the HTTP TRACE method, which has unspecified impact probably related to remote information leaks and cross-site tracing (XST) attacks, a related issue to CVE-2004-2320 and CVE-2005-3398.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDmbedthis_software/mbedthis_appweb_http_server10 versions+9

🔴Vulnerability Details

GHSA

GHSA-522h-48w5-75fm: Mbedthis AppWeb before 2↗2022-05-01

▶

CVEList

CVE-2007-3008: Mbedthis AppWeb before 2↗2007-06-04

▶

📋Vendor Advisories

Red Hat

CVE-2007-3008: Mbedthis AppWeb before 2↗

▶