Vulnerability Description
Xythos Enterprise Document Manager (XEDM), Digital Locker (XDL), and possibly WebFile Server before 6.0.46.1 allow remote authenticated users to associate arbitrary Content-Type HTTP headers with documents, which might facilitate malware distribution.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xythos | Digital Locker | <= 6.0.46.0 |
| Xythos | Enterprise Document Manager | <= 6.0.46.0 |
| Xythos | Webfile Server | <= 6.0.46.0 |
References
- http://osvdb.org/37614
- http://secunia.com/advisories/25783
- http://securityreason.com/securityalert/2845
- http://securitytracker.com/id?1018291
- http://securitytracker.com/id?1018292
- http://www.securityfocus.com/archive/1/472275/100/0/threaded
- http://www.securityfocus.com/bid/24521 (Patch)
- http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-004.txt
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35086
FAQ
What is CVE-2007-3256?
CVE-2007-3256 is a vulnerability with a CVSS score of 4.0 (MEDIUM). Xythos Enterprise Document Manager (XEDM), Digital Locker (XDL), and possibly WebFile Server before 6.0.46.1 allow remote authenticated users to associate arbitrary Content-Type HTTP headers with docu...
How severe is CVE-2007-3256?
CVE-2007-3256 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2007-3256?
Check the references section above for vendor advisories and patch information. Affected products include: Xythos Digital Locker, Xythos Enterprise Document Manager, Xythos Webfile Server.