CVE-2007-0184 - Vulnerability Details - OpenCVE

Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to obtain unauthorized access to public methods via a crafted request that bypasses the include/exclude checks.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00743.

Key SSVC decision points have not yet been added.

Vendors	Products
Getahead	Direct Web Remoting

Configuration 1 [-]

OR	cpe:2.3:a:getahead:direct_web_remoting::::::::
	cpe:2.3:a:getahead:direct_web_remoting:0.7:::::::*
	cpe:2.3:a:getahead:direct_web_remoting:0.8:::::::*
	cpe:2.3:a:getahead:direct_web_remoting:0.9:::::::*
	cpe:2.3:a:getahead:direct_web_remoting:1.0:::::::*
	cpe:2.3:a:getahead:direct_web_remoting:1.1.0:::::::*
	cpe:2.3:a:getahead:direct_web_remoting:1.1.1:::::::*
	cpe:2.3:a:getahead:direct_web_remoting:1.1.2:::::::*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2022-2131	Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to obtain unauthorized access to public methods via a crafted request that bypasses the include/exclude checks.
Github GHSA	GHSA-384c-gg34-g96h	Incorrect Authorization in Getahead Direct Web Remoting

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://getahead.ltd.uk/dwr/changelog
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
http://osvdb.org/32657
http://secunia.com/advisories/23641
http://www.securityfocus.com/bid/21955
http://www.vupen.com/english/advisories/2007/0095
https://exchange.xforce.ibmcloud.com/vulnerabilities/31377

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-01-11T02:00:00

Updated: 2024-08-07T12:12:18.031Z

Reserved: 2007-01-10T00:00:00

Link: CVE-2007-0184

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-01-12T05:04:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-0184

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-01-09T00:00:00", "descriptions": [{"lang": "en", "value": "Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to obtain unauthorized access to public methods via a crafted request that bypasses the include/exclude checks."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "32657", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/32657"}, {"name": "23641", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23641"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://getahead.ltd.uk/dwr/changelog"}, {"name": "ADV-2007-0095", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/0095"}, {"name": "SUSE-SR:2009:004", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"}, {"name": "21955", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/21955"}, {"name": "dwr-include-exclude-security-bypass(31377)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31377"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-0184", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to obtain unauthorized access to public methods via a crafted request that bypasses the include/exclude checks."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "32657", "refsource": "OSVDB", "url": "http://osvdb.org/32657"}, {"name": "23641", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23641"}, {"name": "http://getahead.ltd.uk/dwr/changelog", "refsource": "CONFIRM", "url": "http://getahead.ltd.uk/dwr/changelog"}, {"name": "ADV-2007-0095", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0095"}, {"name": "SUSE-SR:2009:004", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"}, {"name": "21955", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21955"}, {"name": "dwr-include-exclude-security-bypass(31377)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31377"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T12:12:18.031Z"}, "title": "CVE Program Container", "references": [{"name": "32657", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/32657"}, {"name": "23641", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23641"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://getahead.ltd.uk/dwr/changelog"}, {"name": "ADV-2007-0095", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/0095"}, {"name": "SUSE-SR:2009:004", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"}, {"name": "21955", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/21955"}, {"name": "dwr-include-exclude-security-bypass(31377)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31377"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-0184", "datePublished": "2007-01-11T02:00:00", "dateReserved": "2007-01-10T00:00:00", "dateUpdated": "2024-08-07T12:12:18.031Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:getahead:direct_web_remoting:*:*:*:*:*:*:*:*", "matchCriteriaId": "5B67B484-28E5-4BDE-8A6C-B75A19F56182", "versionEndIncluding": "1.1.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:getahead:direct_web_remoting:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "52977FDE-0275-4BF1-8C42-95F04B7715E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:getahead:direct_web_remoting:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "4650E594-D2AB-45E9-9D3D-5CB02A23B206", "vulnerable": true}, {"criteria": "cpe:2.3:a:getahead:direct_web_remoting:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "B7385D94-4E21-4243-B8AD-631161618E83", "vulnerable": true}, {"criteria": "cpe:2.3:a:getahead:direct_web_remoting:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "FC5372F5-047F-4EFC-AD71-BFA4D442927E", "vulnerable": true}, {"criteria": "cpe:2.3:a:getahead:direct_web_remoting:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "71E1BE4C-CBCF-4AEE-9118-D2A9631E3555", "vulnerable": true}, {"criteria": "cpe:2.3:a:getahead:direct_web_remoting:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "4F4C1ACF-0F37-4C8C-9D6C-09A40CD96F4D", "vulnerable": true}, {"criteria": "cpe:2.3:a:getahead:direct_web_remoting:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "02E1927F-7837-426B-B294-4C3A650C9802", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to obtain unauthorized access to public methods via a crafted request that bypasses the include/exclude checks."}, {"lang": "es", "value": "Getahead Direct Web Remoting (DWR) versiones anteriores a 1.1.4 permite a atacantes obtener acceso no autorizado a m\u00e9todos p\u00fablicos mediante una petici\u00f3n manipulada que evita las comprobaciones include/exclude."}], "id": "CVE-2007-0184", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-01-12T05:04:00.000", "references": [{"source": "cve@mitre.org", "url": "http://getahead.ltd.uk/dwr/changelog"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/32657"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/23641"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/21955"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/0095"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31377"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://getahead.ltd.uk/dwr/changelog"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/32657"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/23641"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/21955"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/0095"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31377"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}