Vulnerability Description
report.cgi in Google Urchin allows remote attackers to bypass authentication and obtain sensitive information (web server logs) via certain modified query parameters, as demonstrated using the profile, rid, prefs, n, vid, bd, ed, dt, and gtype parameters, a different vulnerability than CVE-2007-5112.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Roi Revolution | Urchin | <= 5.7.03 |
Related Weaknesses (CWE)
References
- http://ha.ckers.org/blog/20070823/xss-and-possible-information-disclosure-in-urc
- http://securityvulns.ru/Sdocument90.html
- http://websecurity.com.ua/1283/
- http://www.securityfocus.com/archive/1/482006/100/0/threaded
- http://www.securityfocus.com/bid/26037
- http://ha.ckers.org/blog/20070823/xss-and-possible-information-disclosure-in-urc
- http://securityvulns.ru/Sdocument90.html
- http://websecurity.com.ua/1283/
- http://www.securityfocus.com/archive/1/482006/100/0/threaded
- http://www.securityfocus.com/bid/26037
FAQ
What is CVE-2007-5113?
CVE-2007-5113 is a vulnerability with a CVSS score of 5.0 (MEDIUM). report.cgi in Google Urchin allows remote attackers to bypass authentication and obtain sensitive information (web server logs) via certain modified query parameters, as demonstrated using the profile...
How severe is CVE-2007-5113?
CVE-2007-5113 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-5113?
Check the references section above for vendor advisories and patch information. Affected products include: Roi Revolution Urchin.