Details of VAR-200703-0606

ID

VAR-200703-0606

CVE

CVE-2007-1467

TITLE

plural Cisco Product PreSearch.html Cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2007-001703

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage, Unified Videoconferencing 35xx products, Unified Videoconferencing Manager, WAN Manager, Security Device Manager, Network Analysis Module (NAM), CiscoWorks and related products, Wireless LAN Solution Engine (WLSE), 2006 Wireless LAN Controllers (WLC), and Wireless Control System (WCS) allow remote attackers to inject arbitrary web script or HTML via the text field of the search form. Multiple Cisco products are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. An attacker may leverage this issue by enticing a victim into following a maliciously crafted URI. Attackers may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco IDs: CSCsh91761, CSCsh52300, CSCsh91884, CSCsi12435, CSCsh91901, CSCsi10405, CSCsh91953, CSCsh93070, CSCsh93854, CSCek71039, CSCsh95009, CSCsi10818, CSCsi10674, CSCsi10982, CSCsi13743, CSCsi13763. A remote attacker can inject arbitrary web script or HTML with the help of a text field in search format. Input passed to the search code of PreSearch.html or PreSearch.class (depending on software or device) is not properly sanitised before being returned to the user. SOLUTION: If possible, the vendor recommends deleting or renaming the PreSearch.html and PreSearch.class files. PROVIDED AND/OR DISCOVERED BY: Independently discovered by Erwin Paternotte from Fox-IT and Cassio Goldschmidt. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sr-20070315-xss.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.61

sources: NVD: CVE-2007-1467 // JVNDB: JVNDB-2007-001703 // CNNVD: CNNVD-200703-426 // BID: 22982 // VULHUB: VHN-24829 // PACKETSTORM: 55116

AFFECTED PRODUCTS

vendor:	cisco	model:	wan manager	scope:	-	version:	-	Trust: 1.7
vendor:	cisco	model:	wireless control system	scope:	eq	version:	4.0	Trust: 1.6
vendor:	cisco	model:	vpn client	scope:	eq	version:	4.0.2c	Trust: 1.6
vendor:	cisco	model:	vpn client	scope:	eq	version:	4.0.2a	Trust: 1.6
vendor:	cisco	model:	vpn client	scope:	eq	version:	4.8.1	Trust: 1.6
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30002.5.2	Trust: 1.5
vendor:	cisco	model:	call manager	scope:	-	version:	-	Trust: 1.4
vendor:	cisco	model:	network analysis module	scope:	-	version:	-	Trust: 1.4
vendor:	cisco	model:	meetingplace	scope:	-	version:	-	Trust: 1.1
vendor:	cisco	model:	ciscoworks	scope:	-	version:	-	Trust: 1.1
vendor:	cisco	model:	security device manager	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	meetingplace	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	unified video advantage	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	unified videoconferencing	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	ip communicator	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	unified videoconferencing manager	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	vpn client	scope:	eq	version:	3.5.1	Trust: 1.0
vendor:	cisco	model:	vpn client	scope:	eq	version:	3.5.4	Trust: 1.0
vendor:	cisco	model:	vpn client	scope:	eq	version:	3.6	Trust: 1.0
vendor:	cisco	model:	vpn client	scope:	eq	version:	3.5.2b	Trust: 1.0
vendor:	cisco	model:	network analysis module	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	wan manager	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	wireless lan controllers	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	call manager	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	vpn client	scope:	eq	version:	3.6.1	Trust: 1.0
vendor:	cisco	model:	acs solution engine	scope:	eq	version:	4.1	Trust: 1.0
vendor:	cisco	model:	unified meetingplace	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	wireless lan solution engine	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	unified meetingplace express	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	vpn client	scope:	eq	version:	3.5.2	Trust: 1.0
vendor:	cisco	model:	ciscoworks	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	unified personal communicator	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	wireless lan solution engine	scope:	-	version:	-	Trust: 0.9
vendor:	cisco	model:	ip communicator	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	secure access control server solution engine	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	unified meetingplace	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	vpn client	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	wireless control system	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ciscoworks wireless lan solution engine	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	security device manager	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	unified meetingplace express	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	unified personal communicator	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	unified video advantage	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	unified videoconferencing	scope:	eq	version:	35xx product	Trust: 0.8
vendor:	cisco	model:	unified videoconferencing manager	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	wireless lan controllers	scope:	eq	version:	2006	Trust: 0.8
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	3.6	Trust: 0.6
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30003.1	Trust: 0.6
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30003.0.3	Trust: 0.6
vendor:	cisco	model:	wireless lan controllers	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	wireless control system	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	4.8.1	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	4.8	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	4.7.0533	Trust: 0.3
vendor:	cisco	model:	vpn client for windows c	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	cisco	model:	vpn client for windows a	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	3.6.1	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	3.5.4	Trust: 0.3
vendor:	cisco	model:	vpn client for windows b	scope:	eq	version:	3.5.2	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	3.5.2	Trust: 0.3
vendor:	cisco	model:	vpn client for windows c	scope:	eq	version:	3.5.1	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	3.5.1	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	3.1	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	3.0.5	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	3.0	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	2.0	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	4.7	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	4.6	Trust: 0.3
vendor:	cisco	model:	vpn client for solaris c	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	cisco	model:	vpn client for solaris a	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	cisco	model:	vpn client for solaris	scope:	eq	version:	3.6.1	Trust: 0.3
vendor:	cisco	model:	vpn client for solaris	scope:	eq	version:	3.6	Trust: 0.3
vendor:	cisco	model:	vpn client for solaris	scope:	eq	version:	3.5.4	Trust: 0.3
vendor:	cisco	model:	vpn client for solaris b	scope:	eq	version:	3.5.2	Trust: 0.3
vendor:	cisco	model:	vpn client for solaris	scope:	eq	version:	3.5.2	Trust: 0.3
vendor:	cisco	model:	vpn client for solaris	scope:	eq	version:	3.5.1	Trust: 0.3
vendor:	cisco	model:	vpn client for mac os c	scope:	eq	version:	x4.0.2	Trust: 0.3
vendor:	cisco	model:	vpn client for mac os a	scope:	eq	version:	x4.0.2	Trust: 0.3
vendor:	cisco	model:	vpn client for mac os	scope:	eq	version:	x3.6.1	Trust: 0.3
vendor:	cisco	model:	vpn client for mac os	scope:	eq	version:	x3.6	Trust: 0.3
vendor:	cisco	model:	vpn client for mac os	scope:	eq	version:	x3.5.4	Trust: 0.3
vendor:	cisco	model:	vpn client for mac os b	scope:	eq	version:	x3.5.2	Trust: 0.3
vendor:	cisco	model:	vpn client for mac os	scope:	eq	version:	x3.5.2	Trust: 0.3
vendor:	cisco	model:	vpn client for mac os	scope:	eq	version:	x3.5.1	Trust: 0.3
vendor:	cisco	model:	vpn client for linux	scope:	eq	version:	3.6.1	Trust: 0.3
vendor:	cisco	model:	vpn client for linux	scope:	eq	version:	3.6	Trust: 0.3
vendor:	cisco	model:	vpn client for linux	scope:	eq	version:	3.5.4	Trust: 0.3
vendor:	cisco	model:	vpn client for linux b	scope:	eq	version:	3.5.2	Trust: 0.3
vendor:	cisco	model:	vpn client for linux	scope:	eq	version:	3.5.2	Trust: 0.3
vendor:	cisco	model:	vpn client for linux	scope:	eq	version:	3.5.1	Trust: 0.3
vendor:	cisco	model:	vpn client	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	vpn concentrator g	scope:	eq	version:	30004.7.2	Trust: 0.3
vendor:	cisco	model:	vpn concentrator f	scope:	eq	version:	30004.7.1	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30004.7.1	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30004.7	Trust: 0.3
vendor:	cisco	model:	vpn concentrator m	scope:	eq	version:	30004.1.7	Trust: 0.3
vendor:	cisco	model:	vpn concentrator .b	scope:	eq	version:	30004.1.5	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30004.1.x	Trust: 0.3
vendor:	cisco	model:	vpn concentrator .b	scope:	eq	version:	30004.0.5	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30004.0.1	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30004.0.x	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30004.0	Trust: 0.3
vendor:	cisco	model:	vpn concentrator d	scope:	eq	version:	30003.6.7	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30003.6.7	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30003.6.1	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30003.6	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30003.5.5	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30003.5.4	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30003.5.3	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30003.5.2	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30003.5.1	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30003.5	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30003.1.4	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30003.1.2	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30003.1.1	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30003.0.4	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30003.0	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30002.0	Trust: 0.3
vendor:	cisco	model:	vpn concentrator 4.1.7.b	scope:	eq	version:	3000	Trust: 0.3
vendor:	cisco	model:	vpn concentrator 4.1.7.a	scope:	eq	version:	3000	Trust: 0.3
vendor:	cisco	model:	unified videoconferencing	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	unified video advantage	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	unified personal communicator	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	unified meetingplace express	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	unified meetingplace	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	security device manager	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	secure acs solution engine	scope:	eq	version:	4.1	Trust: 0.3
vendor:	cisco	model:	secure acs for windows	scope:	eq	version:	4.1	Trust: 0.3
vendor:	cisco	model:	network analysis module	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ip communicator	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ciscoworks windows/wug	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ciscoworks windows	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ciscoworks windows	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ciscoworks vpn/security management solution	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ciscoworks monitoring center for security	scope:	eq	version:	2.1	Trust: 0.3
vendor:	cisco	model:	ciscoworks monitoring center for security	scope:	eq	version:	2.0	Trust: 0.3
vendor:	cisco	model:	ciscoworks monitoring center for security	scope:	eq	version:	1.1	Trust: 0.3
vendor:	cisco	model:	ciscoworks monitoring center for security	scope:	eq	version:	1.0	Trust: 0.3
vendor:	cisco	model:	ciscoworks management center for ids sensors	scope:	eq	version:	2.1	Trust: 0.3
vendor:	cisco	model:	ciscoworks management center for ids sensors	scope:	eq	version:	2.0	Trust: 0.3
vendor:	cisco	model:	ciscoworks management center for ids sensors	scope:	eq	version:	1.2	Trust: 0.3
vendor:	cisco	model:	ciscoworks management center for ids sensors	scope:	eq	version:	1.1	Trust: 0.3
vendor:	cisco	model:	ciscoworks management center for ids sensors	scope:	eq	version:	1.0	Trust: 0.3
vendor:	cisco	model:	ciscoworks lms	scope:	eq	version:	1.3	Trust: 0.3
vendor:	cisco	model:	ciscoworks common services	scope:	eq	version:	2.2	Trust: 0.3
vendor:	cisco	model:	ciscoworks common management foundation	scope:	eq	version:	2.2	Trust: 0.3
vendor:	cisco	model:	ciscoworks common management foundation	scope:	eq	version:	2.1	Trust: 0.3
vendor:	cisco	model:	ciscoworks common management foundation	scope:	eq	version:	2.0	Trust: 0.3
vendor:	cisco	model:	ciscoworks common management foundation	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ciscoworks cd1 5th edition	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ciscoworks cd1 4th edition	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ciscoworks cd1 3rd edition	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ciscoworks cd1 2nd edition	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ciscoworks cd1 1st edition	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ciscoworks access control list manager	scope:	eq	version:	1.6	Trust: 0.3
vendor:	cisco	model:	ciscoworks access control list manager	scope:	eq	version:	1.5	Trust: 0.3
vendor:	cisco	model:	ciscoworks wireless lan solution engine	scope:	eq	version:	1105	Trust: 0.3
vendor:	cisco	model:	ciscoworks hosting solution engine	scope:	eq	version:	1105	Trust: 0.3
vendor:	cisco	model:	wireless lan controller	scope:	eq	version:	20060	Trust: 0.3

sources: BID: 22982 // JVNDB: JVNDB-2007-001703 // CNNVD: CNNVD-200703-426 // NVD: CVE-2007-1467

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-1467
value:	LOW
Trust: 1.0
NVD:	CVE-2007-1467
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-200703-426
value:	LOW
Trust: 0.6
VULHUB:	VHN-24829
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2007-1467
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-24829
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-24829 // JVNDB: JVNDB-2007-001703 // CNNVD: CNNVD-200703-426 // NVD: CVE-2007-1467

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-1467

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200703-426

TYPE

xss

Trust: 0.7

sources: PACKETSTORM: 55116 // CNNVD: CNNVD-200703-426

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-001703

PATCH

title:

Document ID: 607

url:

http://www.cisco.com/en/US/products/csr/cisco-sr-20070315-xss.html

Trust: 0.8

sources: JVNDB: JVNDB-2007-001703

EXTERNAL IDS

db:	NVD	id:	CVE-2007-1467	Trust: 2.8
db:	BID	id:	22982	Trust: 2.0
db:	SECUNIA	id:	24499	Trust: 1.8
db:	SECTRACK	id:	1017778	Trust: 1.7
db:	SREASON	id:	2437	Trust: 1.7
db:	VUPEN	id:	ADV-2007-0973	Trust: 1.7
db:	JVNDB	id:	JVNDB-2007-001703	Trust: 0.8
db:	CNNVD	id:	CNNVD-200703-426	Trust: 0.7
db:	BUGTRAQ	id:	20070315 XSS VULNERABILITY IN THE ONLINE HELP SYSTEM OF SEVERAL CISCO PRODUCTS	Trust: 0.6
db:	BUGTRAQ	id:	20070315 RE: XSS VULNERABILITY IN THE ONLINE HELP SYSTEM OF SEVERAL CISCO PRODUCTS	Trust: 0.6
db:	CISCO	id:	20070315 CROSS-SITE SCRIPTING VULNERABILITY IN ONLINE HELP SYSTEM	Trust: 0.6
db:	XF	id:	33024	Trust: 0.6
db:	VULHUB	id:	VHN-24829	Trust: 0.1
db:	PACKETSTORM	id:	55116	Trust: 0.1

sources: VULHUB: VHN-24829 // BID: 22982 // JVNDB: JVNDB-2007-001703 // PACKETSTORM: 55116 // CNNVD: CNNVD-200703-426 // NVD: CVE-2007-1467

REFERENCES

url:	http://www.securityfocus.com/bid/22982	Trust: 1.7
url:	http://www.cisco.com/en/us/products/products_security_response09186a0080803fe4.html	Trust: 1.7
url:	http://www.securitytracker.com/id?1017778	Trust: 1.7
url:	http://secunia.com/advisories/24499	Trust: 1.7
url:	http://securityreason.com/securityalert/2437	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/462944/100/0/threaded	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/462932/100/0/threaded	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2007/0973	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/33024	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1467	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-1467	Trust: 0.8
url:	http://www.securityfocus.com/archive/1/archive/1/462944/100/0/threaded	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/462932/100/0/threaded	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/33024	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2007/0973	Trust: 0.6
url:	http://www.cisco.com/warp/public/707/cisco-sr-20070315-xss.shtml	Trust: 0.4
url:	http://www.cisco.com/	Trust: 0.3
url:	/archive/1/462944	Trust: 0.3
url:	http://secunia.com/product/13664/	Trust: 0.1
url:	http://secunia.com/product/10635/	Trust: 0.1
url:	http://secunia.com/product/6330/	Trust: 0.1
url:	http://secunia.com/product/13676/	Trust: 0.1
url:	http://secunia.com/product/5603/	Trust: 0.1
url:	http://secunia.com/hardcore_disassembler_and_reverse_engineer/	Trust: 0.1
url:	http://secunia.com/product/13660/	Trust: 0.1
url:	http://secunia.com/product/11019/	Trust: 0.1
url:	http://secunia.com/product/11848/	Trust: 0.1
url:	http://secunia.com/product/5604/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/product/2272/	Trust: 0.1
url:	http://secunia.com/product/6025/	Trust: 0.1
url:	http://secunia.com/product/13663/	Trust: 0.1
url:	http://secunia.com/product/13675/	Trust: 0.1
url:	http://secunia.com/product/13661/	Trust: 0.1
url:	http://secunia.com/product/2267/	Trust: 0.1
url:	http://secunia.com/product/13665/	Trust: 0.1
url:	http://secunia.com/product/13672/	Trust: 0.1
url:	http://secunia.com/product/123/	Trust: 0.1
url:	http://secunia.com/product/5363/	Trust: 0.1
url:	http://secunia.com/product/13658/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1
url:	http://secunia.com/product/13666/	Trust: 0.1
url:	http://secunia.com/product/11850/	Trust: 0.1
url:	http://secunia.com/product/2805/	Trust: 0.1
url:	http://secunia.com/advisories/24499/	Trust: 0.1
url:	http://secunia.com/product/13667/	Trust: 0.1
url:	http://secunia.com/product/13673/	Trust: 0.1
url:	http://secunia.com/secunia_vacancies/	Trust: 0.1
url:	http://secunia.com/product/13668/	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/product/259/	Trust: 0.1
url:	http://secunia.com/product/12534/	Trust: 0.1
url:	http://secunia.com/product/11849/	Trust: 0.1
url:	http://secunia.com/disassembling_og_reversing/	Trust: 0.1
url:	http://secunia.com/product/12535/	Trust: 0.1
url:	http://secunia.com/product/13671/	Trust: 0.1
url:	http://secunia.com/product/2266/	Trust: 0.1
url:	http://secunia.com/product/13662/	Trust: 0.1
url:	http://secunia.com/product/6035/	Trust: 0.1
url:	http://secunia.com/product/13674/	Trust: 0.1

sources: VULHUB: VHN-24829 // BID: 22982 // JVNDB: JVNDB-2007-001703 // PACKETSTORM: 55116 // CNNVD: CNNVD-200703-426 // NVD: CVE-2007-1467

CREDITS

Erwin Paternotte from Fox-IT and Cassio Goldschmidt are credited with the discovery of this issue.

Trust: 0.9

sources: BID: 22982 // CNNVD: CNNVD-200703-426

SOURCES

db:	VULHUB	id:	VHN-24829
db:	BID	id:	22982
db:	JVNDB	id:	JVNDB-2007-001703
db:	PACKETSTORM	id:	55116
db:	CNNVD	id:	CNNVD-200703-426
db:	NVD	id:	CVE-2007-1467

LAST UPDATE DATE

2024-11-23T23:00:20.777000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-24829	date:	2018-10-16T00:00:00
db:	BID	id:	22982	date:	2015-05-12T19:33:00
db:	JVNDB	id:	JVNDB-2007-001703	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200703-426	date:	2007-03-22T00:00:00
db:	NVD	id:	CVE-2007-1467	date:	2024-11-21T00:28:22.977

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-24829	date:	2007-03-16T00:00:00
db:	BID	id:	22982	date:	2007-03-15T00:00:00
db:	JVNDB	id:	JVNDB-2007-001703	date:	2012-06-26T00:00:00
db:	PACKETSTORM	id:	55116	date:	2007-03-17T02:22:27
db:	CNNVD	id:	CNNVD-200703-426	date:	2007-03-16T00:00:00
db:	NVD	id:	CVE-2007-1467	date:	2007-03-16T21:19:00