CVE-2007-6410 - Vulnerability Details - OpenCVE

Gadu-Gadu does not properly perform protocol handling, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and add arbitrary user accounts or cause a denial of service as administrators via an unspecified "crafted link," possibly related to the gg protocol.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00114.

Key SSVC decision points have not yet been added.

Vendors	Products
Gadu-gadu	Gadu-gadu Instant Messenger

Configuration 1 [-]

cpe:2.3:a:gadu-gadu:gadu-gadu_instant_messenger:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2007-6376	Gadu-Gadu does not properly perform protocol handling, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and add arbitrary user accounts or cause a denial of service as administrators via an unspecified "crafted link," possibly related to the gg protocol.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://securityreason.com/securityalert/3458
http://www.securityfocus.com/archive/1/484607/100/0/threaded

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-12-17T18:00:00

Updated: 2024-08-07T16:02:36.854Z

Reserved: 2007-12-17T00:00:00

Link: CVE-2007-6410

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-12-17T18:46:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-6410

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-12-05T00:00:00", "descriptions": [{"lang": "en", "value": "Gadu-Gadu does not properly perform protocol handling, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and add arbitrary user accounts or cause a denial of service as administrators via an unspecified \"crafted link,\" possibly related to the gg protocol."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20071205 [ELEYTT] Public Advisory 05-12-2007", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/484607/100/0/threaded"}, {"name": "3458", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/3458"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-6410", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Gadu-Gadu does not properly perform protocol handling, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and add arbitrary user accounts or cause a denial of service as administrators via an unspecified \"crafted link,\" possibly related to the gg protocol."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20071205 [ELEYTT] Public Advisory 05-12-2007", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/484607/100/0/threaded"}, {"name": "3458", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3458"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T16:02:36.854Z"}, "title": "CVE Program Container", "references": [{"name": "20071205 [ELEYTT] Public Advisory 05-12-2007", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/484607/100/0/threaded"}, {"name": "3458", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/3458"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-6410", "datePublished": "2007-12-17T18:00:00", "dateReserved": "2007-12-17T00:00:00", "dateUpdated": "2024-08-07T16:02:36.854Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gadu-gadu:gadu-gadu_instant_messenger:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB080D26-16DA-46A3-A446-9793E0D4537A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Gadu-Gadu does not properly perform protocol handling, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and add arbitrary user accounts or cause a denial of service as administrators via an unspecified \"crafted link,\" possibly related to the gg protocol."}, {"lang": "es", "value": "Gadu-Gadu no realiza una gesti\u00f3n apropiada de protocolo, lo cual permite a atacantes remotos conducir ataques de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) y a\u00f1adir cuentas de usuario de su elecci\u00f3n \u00f3 provocar una denegaci\u00f3n de servicio como administradores mediante un \"enlace manipulado\" no especificado, posiblemente relativo al protocolo gg."}], "id": "CVE-2007-6410", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-12-17T18:46:00.000", "references": [{"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3458"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/484607/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3458"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/484607/100/0/threaded"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}