CVE-2007-4723

Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://osvdb.org/45879	Broken Link
http://securityreason.com/securityalert/3100	Third Party Advisory
http://www.securityfocus.com/archive/1/478263/100/0/threaded	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:ragnarok_online_control_panel_project:ragnarok_online_control_panel:4.3.4a:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2007-09-05 19:17

Updated : 2023-12-10 10:40

NVD link : CVE-2007-4723

Mitre link : CVE-2007-4723

CVE.ORG link : CVE-2007-4723

JSON object : View

Products Affected

ragnarok_online_control_panel_project

ragnarok_online_control_panel

apache

http_server

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2007-4723", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-09-05T19:17:00.000", "references": [{"url": "http://osvdb.org/45879", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/3100", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/478263/100/0/threaded", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a \"/...../\" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en Ragnarok Online Control Panel 4.3.4a, cuando se utiliza Apache HTTP Server, permite a atacantes remotos evitar la autenticaci\u00f3n mediante secuencias de salto de directorio en un URI que termina con el nombre de una p\u00e1gina p\u00fablicamente disponible, como ha sido demostrado por la secuencia \"/...../\" y un componente final account_manage.php/login.php para acceder a la p\u00e1gina protegida account_manage.php."}], "lastModified": "2020-11-16T20:48:08.327", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ragnarok_online_control_panel_project:ragnarok_online_control_panel:4.3.4a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12F2E1BB-7D48-4816-85B2-6E6AF67B5A44"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5A6CD1F4-4C0E-4989-A2B3-DC086E8E80A3"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}