{
  "id": "CVE-2007-1178",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2007-03-02T21:18:00.000",
  "lastModified": "2025-04-09T00:30:58.490",
  "vulnStatus": "Deferred",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "WebAPP before 0.9.9.5 does not check access in certain contexts related to (1) Calendar Administration, (2) Instant Messages Administration, and (3) the Image Uploader, which has unknown impact and attack vectors."
    },
    {
      "lang": "es",
      "value": "WebAPP anterior a 0.9.9.5 no valida el acceso en ciertos contextos relacionado con (1) Calendar Administration, (2) Instant Messages Administration, y (3) Image Uploader, lo cual tiene un impacto desconocido y vectores de ataque,"
    }
  ],
  "metrics": {
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "baseScore": 7.5,
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL"
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:web-app.org:webapp:*:*:*:*:*:*:*:*",
              "versionEndIncluding": "0.9.9.4",
              "matchCriteriaId": "4053C685-A96A-43B3-8D78-E185AD837B5D"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://osvdb.org/33279",
      "source": "cve@mitre.org"
    },
    {
      "url": "http://osvdb.org/33282",
      "source": "cve@mitre.org"
    },
    {
      "url": "http://secunia.com/advisories/24080",
      "source": "cve@mitre.org"
    },
    {
      "url": "http://www.securityfocus.com/bid/22563",
      "source": "cve@mitre.org"
    },
    {
      "url": "http://www.vupen.com/english/advisories/2007/0604",
      "source": "cve@mitre.org"
    },
    {
      "url": "http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=250",
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ]
    },
    {
      "url": "http://osvdb.org/33279",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "http://osvdb.org/33282",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "http://secunia.com/advisories/24080",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "http://www.securityfocus.com/bid/22563",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "http://www.vupen.com/english/advisories/2007/0604",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=250",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ]
    }
  ]
}