Vulnerability Description
Cross-site scripting (XSS) vulnerability in BarracudaDrive Web Server before 3.8 allows remote attackers to inject arbitrary web script or HTML via the URI path in an HTTP GET request, which is activated by administrators viewing log files via the Trace page.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Real Time Logic | BarracudaDrive Web Server | 3.7.2 |
| Real Time Logic | BarracudaDrive Web Server Home Server | 3.7.2 |
Related Weaknesses (CWE)
References
- http://aluigi.altervista.org/adv/barradrive-adv.txt (Exploit)
- http://secunia.com/advisories/28032 (Vendor Advisory)
- http://securityreason.com/securityalert/3434
- http://www.securityfocus.com/archive/1/484833/100/0/threaded
- http://www.securityfocus.com/bid/26805 (Exploit, Patch)
FAQ
What is CVE-2007-6316?
CVE-2007-6316 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in BarracudaDrive Web Server before 3.8 allows remote attackers to inject arbitrary web script or HTML via the URI path in an HTTP GET request, which is activa...
How severe is CVE-2007-6316?
CVE-2007-6316 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-6316?
Check the references section above for vendor advisories and patch information. Affected products include: Real Time Logic BarracudaDrive Web Server, Real Time Logic BarracudaDrive Web Server Home Server.