CVE-2007-3365
Published 2007-06-22
Priority: P342, high; CVSS 3.1 score 7.5
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
EXPLOIT
EPSS: 5.97% (92.4th percentile)
MyServer 0.8.9 and earlier does not properly handle uppercase characters in filename extensions, which allows remote attackers to obtain sensitive information (script source code) via a modified extension, as demonstrated by post.mscgI.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| myserverproject | myserver | <= 0.8.9 | — |
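CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 7.8 | HIGH | AV:N/AC:L/Au:N/C:C/I:N/A:N |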
CWE-433: Unparsed Raw Web Content Delivery (mitre_cwe, HIGH, CVSS 7.5)
The product stores raw content or supporting code under the web document root with an extension that is not specifically handled by the server.
If code is stored in a file with an extension such as ".inc" or ".pl", and the web server does not have a handler for that extension, then the server will likely send the contents of the file directly to the requester without the pre-processing that was expected. When that file contains sensitive information such as database credentials, this may allow the attacker to compromise the application or associated components.
Modes of Introduction:
Phase: Implementation
Phase: Operation
Common Consequences:
Scope: Confidentiality. Impact: Read Application Data.
Potential Mitigations:
[Architecture and Desig
CWE-178: Improper Handling of Case Sensitivity (mitre_cwe)
The product does not properly account for differences in case sensitivity when accessing or determining the properties of a resource, leading to inconsistent results.
Improperly handled case sensitive data can lead to several possible consequences, including: case-insensitive passwords reducing the size of the key space, making brute force attacks easier; bypassing filters or access controls using alternate names; and multiple interpretation errors using alternate names.
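An added example (not MyServer code and not from this page) of how the two weaknesses above combine: a handler lookup that matches extensions with exact case falls back to raw delivery (CWE-433) when the case differs (CWE-178), while a case-folded, deny-by-default lookup does not. The handler table, the `.mscgi` mapping and the sample request paths are assumptions constructed for illustration.

```python
import os

# Assumed handler table (hypothetical). The page names only the request
# "post.mscgI"; mapping ".mscgi" to script execution is an assumption.
HANDLERS = {".mscgi": "execute", ".html": "static", ".png": "static"}


def dispatch_case_sensitive(path):
    """Flawed policy: exact-case match, anything unmatched is sent raw."""
    ext = os.path.splitext(path)[1]
    return HANDLERS.get(ext, "static")


def dispatch_hardened(path):
    """Case-fold the extension first; refuse extensions with no handler."""
    ext = os.path.splitext(path)[1].casefold()
    return HANDLERS.get(ext, "deny")


def audit_requests(paths):
    """Return the requests on which the two policies disagree.

    Each hit is a file the flawed policy would deliver unparsed, either
    because of a case variant or because no handler is registered.
    """
    return [p for p in paths
            if dispatch_case_sensitive(p) != dispatch_hardened(p)]


# Constructed sample request paths, e.g. taken from an access log.
SAMPLE_REQUESTS = [
    "/post.mscgi",   # handled normally
    "/post.mscgI",   # case variant from the advisory text
    "/index.html",
    "/INDEX.HTML",   # case variant of a static type: same outcome
    "/db.inc",       # no handler registered at all
]

if __name__ == "__main__":
    for p in SAMPLE_REQUESTS:
        print(p, dispatch_case_sensitive(p), dispatch_hardened(p))
    print("review:", audit_requests(SAMPLE_REQUESTS))
```

The flawed policy only leaks source when the underlying filesystem resolves the case variant to the real script, as case-insensitive filesystems do.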
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Access Control. Impact: Bypass Protection Mechanism.
Potential Mitigations:
[Architecture and Design] Avoid making decisions based on names of resources (e.g. files) if those resources can have alternate n
References
http://osvdb.org/37505
http://secunia.com/advisories/25754
http://securityreason.com/securityalert/2827
http://www.securityfocus.com/archive/1/471914/100/0/threaded
http://www.securityfocus.com/bid/24571
https://exchange.xforce.ibmcloud.com/vulnerabilities/34977
2007-06-22
Published