CVE-2007-3571

The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://osvdb.org/45742
http://www.vupen.com/english/advisories/2007/2388
https://exchange.xforce.ibmcloud.com/vulnerabilities/35365
https://secure-support.novell.com/KanisaPlatform/Publishing/370/3555327_f.SAL_Public.html

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:novell:netware:6.5:*:*:*:*:*:*:*

OR	cpe:2.3:a:novell:groupwise:6.0:::::::*
	cpe:2.3:a:novell:groupwise:6.0:sp1::::::
	cpe:2.3:a:novell:groupwise:6.0:sp2::::::
	cpe:2.3:a:novell:groupwise:6.0:sp3::::::
	cpe:2.3:a:novell:groupwise:6.0:sp4::::::
	cpe:2.3:a:novell:groupwise:6.0.1:sp1::::::
	cpe:2.3:a:novell:groupwise:6.5:::::::*
	cpe:2.3:a:novell:groupwise:6.5:sp1::::::
	cpe:2.3:a:novell:groupwise:6.5:sp2::::::
	cpe:2.3:a:novell:groupwise:6.5:sp3::::::
	cpe:2.3:a:novell:groupwise:6.5:sp4::::::
	cpe:2.3:a:novell:groupwise:6.5:sp5::::::
	cpe:2.3:a:novell:groupwise:6.5:sp6::::::
	cpe:2.3:a:novell:groupwise:6.5.2:::::::*
	cpe:2.3:a:novell:groupwise:6.5.3:::::::*
	cpe:2.3:a:novell:groupwise:6.5.4:::::::*
	cpe:2.3:a:novell:groupwise:7.0:::::::*
	cpe:2.3:a:novell:groupwise:7.0:sp1::::::

History

No history.

Information

Published : 2007-07-05 19:30

Updated : 2023-12-10 10:40

NVD link : CVE-2007-3571

Mitre link : CVE-2007-3571

CVE.ORG link : CVE-2007-3571

JSON object : View

Products Affected

novell

netware
groupwise

CWE

NVD-CWE-Other

{"id": "CVE-2007-3571", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-07-05T19:30:00.000", "references": [{"url": "http://osvdb.org/45742", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/2388", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35365", "source": "cve@mitre.org"}, {"url": "https://secure-support.novell.com/KanisaPlatform/Publishing/370/3555327_f.SAL_Public.html", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address."}, {"lang": "es", "value": "El servidor web Apache, tal y como se usa en Novell NetWare 6.5 y GroupWise permite a atacantes remotos obtener informaci\u00f3n sensible mediante cierta directiva para Apache que provoca que la cabecera HTTP de la respuesta sea modificada, lo cual podr\u00eda revelar la direcci\u00f3n IP interna del servidor."}], "lastModified": "2017-07-29T01:32:22.893", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:novell:netware:6.5:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D328A81E-DC60-4B67-B707-F0AD9A6F48E2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:novell:groupwise:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "194704B6-4820-4398-8906-A1E529ED65AF"}, {"criteria": "cpe:2.3:a:novell:groupwise:6.0:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5E0DC694-0DEB-41DE-8A0D-9B649FC2F220"}, {"criteria": "cpe:2.3:a:novell:groupwise:6.0:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "174646C1-60F8-4A84-9C0D-785303EBAF6D"}, {"criteria": "cpe:2.3:a:novell:groupwise:6.0:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F5DFFF8-7DCF-48E0-B43E-269EA4F3AE75"}, {"criteria": "cpe:2.3:a:novell:groupwise:6.0:sp4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2F5DF0E-8158-4D2E-88CC-BBD7A031054E"}, {"criteria": "cpe:2.3:a:novell:groupwise:6.0.1:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9A8D9A3-2369-4B08-8A73-2A66EFEB26E1"}, {"criteria": "cpe:2.3:a:novell:groupwise:6.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2AD18143-9962-4C0D-AD3D-66C0CF3FB5D0"}, {"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "08A78BE7-6426-41CD-BBAF-9BB951726D33"}, {"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E50599E1-45E5-443F-AAEC-F91778CA4792"}, {"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0BB62B7-C895-4AB6-9CEB-4B312E334953"}, {"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A91EAC4C-8EEE-4050-B1AD-E677AD90327D"}, {"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7F65030-60A2-4EC2-A06D-EC5249FD9FA5"}, {"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8CB8A6AD-94E4-4871-9BCA-EC637161E70D"}, {"criteria": "cpe:2.3:a:novell:groupwise:6.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "814CAE15-78D8-4205-AC95-E07385A7B3DB"}, {"criteria": "cpe:2.3:a:novell:groupwise:6.5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "251EAE31-9799-453A-ABF7-F3D1C6602A81"}, {"criteria": "cpe:2.3:a:novell:groupwise:6.5.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32AFA45E-7EA4-4067-BDB5-AB4391B3FE65"}, {"criteria": "cpe:2.3:a:novell:groupwise:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE640E9A-762B-4AF4-8677-818CBF16EA4E"}, {"criteria": "cpe:2.3:a:novell:groupwise:7.0:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9FBB457-FDC0-485F-951A-C0A7661A92B0"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}