{
  "id": "CVE-2007-2514",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2007-06-06T10:30:00.000",
  "lastModified": "2018-10-16T16:44:21.867",
  "vulnStatus": "Modified",
  "evaluatorImpact": "\"This issue only affects systems running non-secure communications, which comprise a very small percentage of installations worldwide.\"",
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in XferWan.exe as used in multiple products including (1) Symantec Discovery 6.5, (2) Numara Asset Manager 8.0, and (3) Centennial UK Ltd Discovery 2006 Feature Pack, allows remote attackers to execute arbitrary code via a long request. NOTE: this might be a reservation duplicate of CVE-2007-1173."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en pila en el XferWan.exe como el utilizado en m\u00faltiples productos incluidos (1) Symantec Discovery 6.5, (2) Numara Asset Manager 8.0 y (3) Centennial UK Ltd Discovery 2006 Feature Pack, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una petici\u00f3n larga. NOTA: esta vulnerabilidad puede ser una r\u00e9plica de la CVE-2007-1173."
    }
  ],
  "metrics": {
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "NONE",
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "acInsufInfo": false,
        "obtainAllPrivilege": true,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:centennial:discovery:2006_featurepack1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9336740-2AB3-4189-8EDE-3D12A3AFDB57"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:numara:asset_manager:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8AE39DA-388A-414F-B58A-B7B0E9B4FC12"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:symantec:discovery:6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8679A66E-0AEB-42E3-938D-E7AEC74A6C62"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-07-10",
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ]
    },
    {
      "url": "http://osvdb.org/42059",
      "source": "cve@mitre.org"
    },
    {
      "url": "http://securityreason.com/securityalert/2785",
      "source": "cve@mitre.org"
    },
    {
      "url": "http://www.securityfocus.com/archive/1/470563/100/0/threaded",
      "source": "cve@mitre.org"
    },
    {
      "url": "http://www.securityfocus.com/bid/24317",
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ]
    },
    {
      "url": "http://www.securitytracker.com/id?1018191",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34723",
      "source": "cve@mitre.org"
    }
  ]
}