CVE-2007-2415 - Vulnerability Details - OpenCVE

Pi3Web Web Server 2.0.3 PL1 allows remote attackers to cause a denial of service (application exit) via a long URI. NOTE: this issue was originally reported as a crash, but the vendor states that the impact is a "clean" exit in which "the server I/O loop finishes and the process exits normally."

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.0094.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

cpe:2.3:a:pi3web:pi3web_web_server:2.0.3_pl1:*:*:*:*:*:*:*

No data.

No data.

Subscriptions

Vendors	Products
Pi3web Subscribe	Pi3web Web Server Subscribe

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2007-2410	Pi3Web Web Server 2.0.3 PL1 allows remote attackers to cause a denial of service (application exit) via a long URI. NOTE: this issue was originally reported as a crash, but the vendor states that the impact is a "clean" exit in which "the server I/O loop finishes and the process exits normally."

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://secunia.com/advisories/25009
http://sourceforge.net/forum/forum.php?thread_id=1725156&forum_id=131392
http://www.securityfocus.com/bid/23713
http://www.vupen.com/english/advisories/2007/1579
https://exchange.xforce.ibmcloud.com/vulnerabilities/33967

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-05-01T10:00:00.000Z

Updated: 2024-08-07T13:33:28.725Z

Reserved: 2007-04-30T00:00:00.000Z

Link: CVE-2007-2415

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-05-01T10:19:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-2415

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-399

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-04-30T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Pi3Web Web Server 2.0.3 PL1 allows remote attackers to cause a denial of service (application exit) via a long URI. NOTE: this issue was originally reported as a crash, but the vendor states that the impact is a \"clean\" exit in which \"the server I/O loop finishes and the process exits normally.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "23713", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/23713"}, {"name": "pi3web-http-dos(33967)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33967"}, {"name": "ADV-2007-1579", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/1579"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/forum/forum.php?thread_id=1725156&forum_id=131392"}, {"name": "25009", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25009"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2415", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Pi3Web Web Server 2.0.3 PL1 allows remote attackers to cause a denial of service (application exit) via a long URI. NOTE: this issue was originally reported as a crash, but the vendor states that the impact is a \"clean\" exit in which \"the server I/O loop finishes and the process exits normally.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "23713", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23713"}, {"name": "pi3web-http-dos(33967)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33967"}, {"name": "ADV-2007-1579", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1579"}, {"name": "http://sourceforge.net/forum/forum.php?thread_id=1725156&forum_id=131392", "refsource": "CONFIRM", "url": "http://sourceforge.net/forum/forum.php?thread_id=1725156&forum_id=131392"}, {"name": "25009", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25009"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T13:33:28.725Z"}, "title": "CVE Program Container", "references": [{"name": "23713", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/23713"}, {"name": "pi3web-http-dos(33967)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33967"}, {"name": "ADV-2007-1579", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/1579"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://sourceforge.net/forum/forum.php?thread_id=1725156&forum_id=131392"}, {"name": "25009", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25009"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2415", "datePublished": "2007-05-01T10:00:00.000Z", "dateReserved": "2007-04-30T00:00:00.000Z", "dateUpdated": "2024-08-07T13:33:28.725Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pi3web:pi3web_web_server:2.0.3_pl1:*:*:*:*:*:*:*", "matchCriteriaId": "9B9DD9D2-0E2A-4CE5-B450-8D1A2527BE83", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Pi3Web Web Server 2.0.3 PL1 allows remote attackers to cause a denial of service (application exit) via a long URI. NOTE: this issue was originally reported as a crash, but the vendor states that the impact is a \"clean\" exit in which \"the server I/O loop finishes and the process exits normally.\""}, {"lang": "es", "value": "Pi3Web Web Server versi\u00f3n 2.0.3 PL1, permite a atacantes remotos causar una denegaci\u00f3n de servicio (salida de la aplicaci\u00f3n) por medio de un URI largo. NOTA: este problema se report\u00f3 originalmente como un bloqueo, pero el proveedor declara que el impacto es una salida \"clean\" en la que \"the server I/O loop finishes and the process exits normally\u201d."}], "id": "CVE-2007-2415", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-05-01T10:19:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/25009"}, {"source": "cve@mitre.org", "url": "http://sourceforge.net/forum/forum.php?thread_id=1725156&forum_id=131392"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/23713"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/1579"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33967"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/25009"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/forum/forum.php?thread_id=1725156&forum_id=131392"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/23713"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/1579"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33967"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}