Sign-up

ID

VAR-201912-0003


CVE

CVE-2007-0158


TITLE

thttpd Vulnerable to out-of-bounds writing

Trust: 0.8

sources: JVNDB: JVNDB-2007-006507

DESCRIPTION

thttpd 2007 has buffer underflow. thttpd Contains an out-of-bounds write vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. thttpd is a lightweight open source web server from ACME Labs. The vulnerability originates from a network system or product that incorrectly validates data boundaries when performing operations on memory, causing incorrect read and write operations to be performed on other associated memory locations. An attacker could use this vulnerability to cause a buffer overflow or heap overflow

Trust: 2.16

sources: NVD: CVE-2007-0158 // JVNDB: JVNDB-2007-006507 // CNVD: CNVD-2020-14092

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-14092

AFFECTED PRODUCTS

vendor:acmemodel:thttpdscope:eqversion:2007

Trust: 1.6

vendor:acme laboratoriesmodel:thttpdscope:eqversion:2007

Trust: 0.8

vendor:acmemodel:laboratories thttpdscope:eqversion:2007

Trust: 0.6

sources: CNVD: CNVD-2020-14092 // JVNDB: JVNDB-2007-006507 // CNNVD: CNNVD-201912-1182 // NVD: CVE-2007-0158

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-0158
value: CRITICAL

Trust: 1.0

NVD: CVE-2007-0158
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-14092
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201912-1182
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2007-0158
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-14092
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2007-0158
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2007-0158
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-14092 // JVNDB: JVNDB-2007-006507 // CNNVD: CNNVD-201912-1182 // NVD: CVE-2007-0158

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.8

sources: JVNDB: JVNDB-2007-006507 // NVD: CVE-2007-0158

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-1182

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201912-1182

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2007-006507

PATCH
title:Top Pageurl:http://acme.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2007-006507

EXTERNAL IDS
db:NVDid:CVE-2007-0158
Trust: 3.0
db:JVNDBid:JVNDB-2007-006507
Trust: 0.8
db:CNVDid:CNVD-2020-14092
Trust: 0.6
db:CNNVDid:CNNVD-201912-1182
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-14092 // 
            
            
            
            JVNDB: JVNDB-2007-006507 // 
            
            
            
            CNNVD: CNNVD-201912-1182 // 
            
            
            
            NVD: CVE-2007-0158

REFERENCES
url:http://taviso.decsystem.org/research.t2t
Trust: 2.4
url:https://nvd.nist.gov/vuln/detail/cve-2007-0158
Trust: 2.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0158
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2020-14092 // 
            
            
            
            JVNDB: JVNDB-2007-006507 // 
            
            
            
            CNNVD: CNNVD-201912-1182 // 
            
            
            
            NVD: CVE-2007-0158

SOURCES
db:CNVDid:CNVD-2020-14092
db:JVNDBid:JVNDB-2007-006507
db:CNNVDid:CNNVD-201912-1182
db:NVDid:CVE-2007-0158

LAST UPDATE DATE
2024-08-14T15:38:40.961000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-14092date:2020-02-27T00:00:00
db:JVNDBid:JVNDB-2007-006507date:2020-01-21T00:00:00
db:CNNVDid:CNNVD-201912-1182date:2020-01-17T00:00:00
db:NVDid:CVE-2007-0158date:2020-01-08T19:02:10.400

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-14092date:2020-02-27T00:00:00
db:JVNDBid:JVNDB-2007-006507date:2020-01-21T00:00:00
db:CNNVDid:CNNVD-201912-1182date:2019-12-27T00:00:00
db:NVDid:CVE-2007-0158date:2019-12-27T18:15:10.630