ID

VAR-200702-0315


CVE

CVE-2007-0919


TITLE

Nickolas Grigoriadis Mini Web Server traversal vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2007-003376

DESCRIPTION

Directory traversal vulnerability in Nickolas Grigoriadis Mini Web server (MiniWebsvr) 0.0.6 allows remote attackers to list the directory immediately above the web root via a ..%00 sequence in the URI. Miniwebsvr is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid in further attacks. Note that the attacker can traverse to only one directory above the current working directory of the webserver application. Version 0.0.6 is vulnerable to this issue; other versions may also be affected.

Trust: 1.98

sources: NVD: CVE-2007-0919 // JVNDB: JVNDB-2007-003376 // BID: 22523 // VULMON: CVE-2007-0919

AFFECTED PRODUCTS

vendor: nickolas grigoriadis, model: mini web server, scope: eq, version: 0.0.6

Trust: 2.4

vendor: mini, model: web server mini web server, scope: eq, version: 0.0.6

Trust: 0.3

sources: BID: 22523 // JVNDB: JVNDB-2007-003376 // CNNVD: CNNVD-200702-300 // NVD: CVE-2007-0919

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-0919
value: HIGH

Trust: 1.0

NVD: CVE-2007-0919
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200702-300
value: HIGH

Trust: 0.6

VULMON: CVE-2007-0919
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2007-0919
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

sources: VULMON: CVE-2007-0919 // JVNDB: JVNDB-2007-003376 // CNNVD: CNNVD-200702-300 // NVD: CVE-2007-0919

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-0919

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200702-300

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-200702-300

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-003376

EXPLOIT AVAILABILITY

sources: VULMON: CVE-2007-0919

PATCH

title: Mini Web server, url: http://sourceforge.net/projects/miniwebsvr/

Trust: 0.8

sources: JVNDB: JVNDB-2007-003376

EXTERNAL IDS

db: NVD, id: CVE-2007-0919

Trust: 2.8

db: BID, id: 22523

Trust: 2.0

db: OSVDB, id: 33513

Trust: 1.7

db: SREASON, id: 2248

Trust: 1.7

db: JVNDB, id: JVNDB-2007-003376

Trust: 0.8

db: XF, id: 32451

Trust: 0.6

db: VIM, id: 20060213 VERIFIED: DOT IN MINIWEBSVR 0.0.6

Trust: 0.6

db: BUGTRAQ, id: 20070211 MINIWEBSVR 0.0.6 - DIRECTORY TRAVERSAL

Trust: 0.6

db: CNNVD, id: CNNVD-200702-300

Trust: 0.6

db: EXPLOIT-DB, id: 3708

Trust: 0.1

db: VULMON, id: CVE-2007-0919

Trust: 0.1

sources: VULMON: CVE-2007-0919 // BID: 22523 // JVNDB: JVNDB-2007-003376 // CNNVD: CNNVD-200702-300 // NVD: CVE-2007-0919

REFERENCES

url:http://www.securityfocus.com/bid/22523

Trust: 1.8

url:http://attrition.org/pipermail/vim/2007-february/001315.html

Trust: 1.7

url:http://securityreason.com/securityalert/2248

Trust: 1.7

url:http://osvdb.org/33513

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/32451

Trust: 1.1

url:http://www.securityfocus.com/archive/1/459829/100/0/threaded

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0919

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-0919

Trust: 0.8

url:http://www.securityfocus.com/archive/1/archive/1/459829/100/0/threaded

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/32451

Trust: 0.6

url:http://miniwebsvr.sourceforge.net/

Trust: 0.3

url:/archive/1/459829

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.exploit-db.com/exploits/3708/

Trust: 0.1

sources: VULMON: CVE-2007-0919 // BID: 22523 // JVNDB: JVNDB-2007-003376 // CNNVD: CNNVD-200702-300 // NVD: CVE-2007-0919

CREDITS

Daniel Nyström is credited with the discovery of this vulnerability.

Trust: 0.6

sources: CNNVD: CNNVD-200702-300

SOURCES

db: VULMON, id: CVE-2007-0919
db: BID, id: 22523
db: JVNDB, id: JVNDB-2007-003376
db: CNNVD, id: CNNVD-200702-300
db: NVD, id: CVE-2007-0919

LAST UPDATE DATE

2025-04-10T23:07:38.176000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2007-0919, date: 2018-10-16T00:00:00
db: BID, id: 22523, date: 2015-05-12T19:34:00
db: JVNDB, id: JVNDB-2007-003376, date: 2012-09-25T00:00:00
db: CNNVD, id: CNNVD-200702-300, date: 2007-02-14T00:00:00
db: NVD, id: CVE-2007-0919, date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: VULMON, id: CVE-2007-0919, date: 2007-02-14T00:00:00
db: BID, id: 22523, date: 2007-02-12T00:00:00
db: JVNDB, id: JVNDB-2007-003376, date: 2012-09-25T00:00:00
db: CNNVD, id: CNNVD-200702-300, date: 2007-02-14T00:00:00
db: NVD, id: CVE-2007-0919, date: 2007-02-14T11:28:00