MEDIUM · 5.0

CVE-2007-6361

Vulnerability Description

Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:P/A:N
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE

Affected Products

Vendor | Product | Versions
Gekkoware | Gekko | <= 0.8.2

Related Weaknesses (CWE)

References

FAQ

What is CVE-2007-6361?

CVE-2007-6361 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated...

How severe is CVE-2007-6361?

CVE-2007-6361 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2007-6361?

Check the references section above for vendor advisories and patch information. Affected products include: Gekkoware Gekko.