{ "id": "CVE-2007-4337", "sourceIdentifier": "cve@mitre.org", "published": "2007-08-14T18:17:00.000", "lastModified": "2024-11-21T00:35:21.123", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple buffer overflows in the httplib_parse_sc_header function in lib/http.c in Streamripper before 1.62.2 allow remote attackers to execute arbitrary code via long (1) Location and (2) Server HTTP headers, a different vulnerability than CVE-2006-3124." }, { "lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer en la funci\u00f3n httplib_parse_sc_header en la biblioteca lib/http.c en Streamripper versiones anteriores a 1.62.2, permiten a atacantes remotos ejecutar c\u00f3digo arbitrario por medio de encabezados (1) Location y (2) Server HTTP largos, una vulnerabilidad diferente de CVE-2006-3124." } ], "metrics": { "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "baseScore": 5.8, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE" }, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 4.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-119" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:streamripper:streamripper:1.61.1:*:*:*:*:*:*:*", "matchCriteriaId": "66EC7BAB-C449-47FE-AD55-55945B46822D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:streamripper:streamripper:1.61.17:*:*:*:*:*:*:*", "matchCriteriaId": "68996653-3A26-4D27-B8BE-A05FA82BB764" }, { "vulnerable": true, "criteria": "cpe:2.3:a:streamripper:streamripper:1.61.24:*:*:*:*:*:*:*", "matchCriteriaId": "201368B3-C82A-4CF8-AADC-24F4E67C4CE1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:streamripper:streamripper:1.61.25:*:*:*:*:*:*:*", "matchCriteriaId": "E62AF206-3E5C-49F4-9013-A70B82664189" }, { "vulnerable": true, "criteria": "cpe:2.3:a:streamripper:streamripper:1.61.26:*:*:*:*:*:*:*", "matchCriteriaId": "DC19DC46-AE70-4D2A-A1ED-A946B44D0665" }, { "vulnerable": true, "criteria": "cpe:2.3:a:streamripper:streamripper:1.62:*:*:*:*:*:*:*", "matchCriteriaId": "C73FA158-7E9A-4A6F-9E63-97D0126A2C57" } ] } ] } ], "references": [ { "url": "http://osvdb.org/39533", "source": "cve@mitre.org" }, { "url": "http://secunia.com/advisories/26406", "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ] }, { "url": "http://secunia.com/advisories/26814", "source": "cve@mitre.org" }, { "url": "http://secunia.com/advisories/33052", "source": "cve@mitre.org" }, { "url": "http://secunia.com/advisories/33061", "source": "cve@mitre.org" }, { "url": "http://security.gentoo.org/glsa/glsa-200709-03.xml", "source": "cve@mitre.org" }, { "url": "http://sourceforge.net/project/shownotes.php?group_id=6172&release_id=531738", "source": "cve@mitre.org", "tags": [ "Patch" ] }, { "url": "http://streamripper.cvs.sourceforge.net/streamripper/sripper_1x/lib/http.c?r1=1.38&r2=1.39", "source": "cve@mitre.org" }, { "url": "http://www.debian.org/security/2008/dsa-1683", "source": "cve@mitre.org" }, { "url": "http://www.securityfocus.com/archive/1/476302/100/0/threaded", "source": "cve@mitre.org" }, { "url": "http://www.securityfocus.com/bid/25278", "source": "cve@mitre.org" }, { "url": "http://www.securitytracker.com/id?1018553", "source": "cve@mitre.org" }, { "url": "http://www.vupen.com/english/advisories/2007/2858", "source": "cve@mitre.org" }, { "url": "http://osvdb.org/39533", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://secunia.com/advisories/26406", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ] }, { "url": "http://secunia.com/advisories/26814", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://secunia.com/advisories/33052", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://secunia.com/advisories/33061", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://security.gentoo.org/glsa/glsa-200709-03.xml", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://sourceforge.net/project/shownotes.php?group_id=6172&release_id=531738", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ] }, { "url": "http://streamripper.cvs.sourceforge.net/streamripper/sripper_1x/lib/http.c?r1=1.38&r2=1.39", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.debian.org/security/2008/dsa-1683", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.securityfocus.com/archive/1/476302/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.securityfocus.com/bid/25278", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.securitytracker.com/id?1018553", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.vupen.com/english/advisories/2007/2858", "source": "af854a3a-2127-422b-91ae-364da2661108" } ] }