nvd-json-data-feeds/CVE-2007/CVE-2007-46xx/CVE-2007-4609.json

{
  "id": "CVE-2007-4609",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2007-08-31T00:17:00.000",
  "lastModified": "2018-10-15T21:36:41.640",
  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
      "value": "eyeOS uses predictable checksum values in the checknum parameter for access control, which allows remote attackers to register many accounts via doCreateUser actions, add many eyeBoard messages via addMsg actions, and cause a denial of service or conduct certain unauthorized activities, by guessing valid parameter values."
    },
    {
      "lang": "es",
      "value": "El eyeOS utiliza valores de checksum predecibles en el par\u00e1metro checksum para el control de acceso, lo que permite a atacantes remotos registrar m\u00faltiples cuentas a trav\u00e9s de acciones doCreateUser, a\u00f1adir m\u00faltiples mensajes eyeBoard a trav\u00e9s de acciones addMsg y provocar una denegaci\u00f3n de servicio o llevar a cabo ciertas actividades no autorizadas, adivinando valores de par\u00e1metros v\u00e1lidos."
    }
  ],
  "metrics": {
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.4
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:eyeos_project:eyeos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B91A5AC-C5FB-4F76-BEF1-6C537C894CF9"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://osvdb.org/45836",
      "source": "cve@mitre.org"
    },
    {
      "url": "http://securityreason.com/securityalert/3081",
      "source": "cve@mitre.org"
    },
    {
      "url": "http://www.securityfocus.com/archive/1/477866/100/0/threaded",
      "source": "cve@mitre.org"
    }
  ]
}