CVE-2007-4655

{"id": "CVE-2007-4655", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-09-04T22:17:00.000", "references": [{"url": "http://jvn.jp/jp/JVN%2320452446/index.html", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/40146", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/40147", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/26614", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.rescue.ne.jp/whatsnew/blog.cgi/permalink/20070823212803", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/25500", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36389", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Multiple directory traversal vulnerabilities in CGI RESCUE Shopping Basket Professional 7.51 and earlier allow remote attackers to list arbitrary directories, and possibly read arbitrary files, via directory traversal sequences in unspecified parameters to (1) list.cgi or (2) list2.cgi."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de escalado de directorio en el CGI RESCUE Shopping Basket Professional 7.51 y versiones anteriores permiten a atacantes remotos listar directorios de su elecci\u00f3n y, posiblemente, leer directorios de su elecci\u00f3n, a trav\u00e9s de secuencias de escalado de directorios en par\u00e1metros sin especificar a (1) list.cgi o (2) list2.cgi."}], "lastModified": "2017-07-29T01:33:05.147", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cgi-rescue:shopping_basket_professional:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "647E8A28-D94A-4A6E-BA90-CBE83FF74CFC", "versionEndIncluding": "7.51"}], "operator": "OR"}]}], "evaluatorComment": "Additional information can be found at: http://www.securityfocus.com/bid/25500/info", "sourceIdentifier": "cve@mitre.org"}