Vulnerability Description
The tipafriend function in eZ publish before 3.8.9, and 3.9 before 3.9.3, does not limit access by anonymous users, which allows remote attackers to conduct spam attacks.
CVSS Score
5.0
MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ez | Ez Publish | <= 3.8.8 |
References
- http://ez.no/community/news/ez_publish_security_fixes_3_9_3_and_3_8_9
- http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_8_8_to_3_
- http://ez.no/download/ez_publish/changelogs/ez_publish_3_9/changelog_3_9_2_to_3_Patch
- http://osvdb.org/40325
- http://secunia.com/advisories/26686
- http://www.securityfocus.com/bid/25538
- http://ez.no/community/news/ez_publish_security_fixes_3_9_3_and_3_8_9
- http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_8_8_to_3_
- http://ez.no/download/ez_publish/changelogs/ez_publish_3_9/changelog_3_9_2_to_3_Patch
- http://osvdb.org/40325
- http://secunia.com/advisories/26686
- http://www.securityfocus.com/bid/25538
FAQ
What is CVE-2007-4494?
CVE-2007-4494 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The tipafriend function in eZ publish before 3.8.9, and 3.9 before 3.9.3, does not limit access by anonymous users, which allows remote attackers to conduct spam attacks.
How severe is CVE-2007-4494?
CVE-2007-4494 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-4494?
Check the references section above for vendor advisories and patch information. Affected products include: Ez Ez Publish.