CVE-2007-3416 - OpenCVE

Multiple cross-site request forgery (CSRF) vulnerabilities in the administration of (1) polls, (2) profiles, (3) IP bans, and (4) forums in (a) web-app.org WebAPP 0.8 through 0.9.9.6; and (b) web-app.net WebAPP 0.9.9.3.3, 0.9.9.3.4, and 2007; allow remote attackers to perform deletions as administrators.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Web-app.org	Webapp
Web App.net	Webapp

Configuration 1 [-]

OR	cpe:2.3:a:web-app.org:webapp::::::::
	cpe:2.3:a:web_app.net:webapp:0.9.9.3.3:::::::*
	cpe:2.3:a:web_app.net:webapp:0.9.9.3.4:::::::*
	cpe:2.3:a:web_app.net:webapp:2007:::::::*

No data.

References

Link	Providers
http://www.attrition.org/pipermail/vim/2007-June/001687.html
http://www.web-app.org/cgi-bin/index.cgi?action=forum&board=how_to&op=display&num=9458
http://www.web-app.org/downloads/WebAPPv0.9.9.7.zip
https://exchange.xforce.ibmcloud.com/vulnerabilities/35929

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-06-26T23:00:00

Updated: 2024-08-07T14:14:12.973Z

Reserved: 2007-06-26T00:00:00

Link: CVE-2007-3416

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-06-26T23:30:00.000

Modified: 2017-07-29T01:32:14.690

Link: CVE-2007-3416

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-03-30T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the administration of (1) polls, (2) profiles, (3) IP bans, and (4) forums in (a) web-app.org WebAPP 0.8 through 0.9.9.6; and (b) web-app.net WebAPP 0.9.9.3.3, 0.9.9.3.4, and 2007; allow remote attackers to perform deletions as administrators."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "webapp-org-administration-csrf(35929)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35929"}, {"name": "20070628 Regarding Web-APP.org WebAPP CVE Entry Details", "tags": ["mailing-list", "x_refsource_VIM"], "url": "http://www.attrition.org/pipermail/vim/2007-June/001687.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.web-app.org/downloads/WebAPPv0.9.9.7.zip"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.web-app.org/cgi-bin/index.cgi?action=forum&board=how_to&op=display&num=9458"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3416", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the administration of (1) polls, (2) profiles, (3) IP bans, and (4) forums in (a) web-app.org WebAPP 0.8 through 0.9.9.6; and (b) web-app.net WebAPP 0.9.9.3.3, 0.9.9.3.4, and 2007; allow remote attackers to perform deletions as administrators."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "webapp-org-administration-csrf(35929)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35929"}, {"name": "20070628 Regarding Web-APP.org WebAPP CVE Entry Details", "refsource": "VIM", "url": "http://www.attrition.org/pipermail/vim/2007-June/001687.html"}, {"name": "http://www.web-app.org/downloads/WebAPPv0.9.9.7.zip", "refsource": "CONFIRM", "url": "http://www.web-app.org/downloads/WebAPPv0.9.9.7.zip"}, {"name": "http://www.web-app.org/cgi-bin/index.cgi?action=forum&board=how_to&op=display&num=9458", "refsource": "CONFIRM", "url": "http://www.web-app.org/cgi-bin/index.cgi?action=forum&board=how_to&op=display&num=9458"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T14:14:12.973Z"}, "title": "CVE Program Container", "references": [{"name": "webapp-org-administration-csrf(35929)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35929"}, {"name": "20070628 Regarding Web-APP.org WebAPP CVE Entry Details", "tags": ["mailing-list", "x_refsource_VIM", "x_transferred"], "url": "http://www.attrition.org/pipermail/vim/2007-June/001687.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.web-app.org/downloads/WebAPPv0.9.9.7.zip"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.web-app.org/cgi-bin/index.cgi?action=forum&board=how_to&op=display&num=9458"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3416", "datePublished": "2007-06-26T23:00:00", "dateReserved": "2007-06-26T00:00:00", "dateUpdated": "2024-08-07T14:14:12.973Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:web-app.org:webapp:*:*:*:*:*:*:*:*", "matchCriteriaId": "148D57A7-D6B9-41A5-8B65-DCE7072E1C31", "versionEndIncluding": "0.9.9.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:web_app.net:webapp:0.9.9.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "B7FEF150-67B7-4611-9561-F9E93373AA0C", "vulnerable": true}, {"criteria": "cpe:2.3:a:web_app.net:webapp:0.9.9.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "3856F3E6-495D-4D6C-92E3-FFB38637668C", "vulnerable": true}, {"criteria": "cpe:2.3:a:web_app.net:webapp:2007:*:*:*:*:*:*:*", "matchCriteriaId": "53BABD38-620E-43F7-8BD4-926F02F0F256", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the administration of (1) polls, (2) profiles, (3) IP bans, and (4) forums in (a) web-app.org WebAPP 0.8 through 0.9.9.6; and (b) web-app.net WebAPP 0.9.9.3.3, 0.9.9.3.4, and 2007; allow remote attackers to perform deletions as administrators."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de tipo cross-site request forgery (CSRF) en la administraci\u00f3n de (1) sondeos, (2) perfiles, (3) prohibiciones IP y (4) foros en (a) web-app.org WebAPP versiones 0.8 hasta 0.9.9.6; y (b) web-app.net WebAPP versiones 0.9.9.3.3, 0.9.9.3.4 y 2007; permite a atacantes remotos realizar eliminaciones como administradores."}], "id": "CVE-2007-3416", "lastModified": "2017-07-29T01:32:14.690", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-06-26T23:30:00.000", "references": [{"source": "cve@mitre.org", "url": "http://www.attrition.org/pipermail/vim/2007-June/001687.html"}, {"source": "cve@mitre.org", "url": "http://www.web-app.org/cgi-bin/index.cgi?action=forum&board=how_to&op=display&num=9458"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.web-app.org/downloads/WebAPPv0.9.9.7.zip"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35929"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}