CVE-2008-7220 — HIGH (7.5) — White Hats Nepal

Q: What is CVE-2008-7220?

CVE-2008-7220 is a vulnerability with a CVSS score of 7.5 (HIGH). Unspecified vulnerability in Prototype JavaScript framework (prototypejs) before 1.6.0.2 allows attackers to make "cross-site ajax requests" via unknown vectors.

Q: How severe is CVE-2008-7220?

CVE-2008-7220 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2008-7220?

Check the references section above for vendor advisories and patch information. Affected products include: Prototypejs Prototype, Debian Debian Linux.

Vulnerability Description

Unspecified vulnerability in Prototype JavaScript framework (prototypejs) before 1.6.0.2 allows attackers to make "cross-site ajax requests" via unknown vectors.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Prototypejs	Prototype	< 1.6.0.2
Debian	Debian Linux	5.0

References

http://github.com/sstephenson/prototype/blob/master/CHANGELOGRelease NotesThird Party Advisory
http://osvdb.org/46312Broken Link
http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-DependenciesThird Party AdvisoryVDB Entry
http://seclists.org/fulldisclosure/2019/May/10Mailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2019/May/11Mailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2019/May/13Mailing ListThird Party Advisory
http://secunia.com/advisories/37479Third Party Advisory
http://secunia.com/advisories/37677Third Party Advisory
http://www.debian.org/security/2009/dsa-1952Third Party Advisory
http://www.openwall.com/lists/oss-security/2009/11/07/2Mailing ListThird Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=523277Issue TrackingPatchThird Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=533137Issue TrackingNot ApplicableThird Party Advisory
https://lists.apache.org/thread.html/2ad48cd9d47edd0e677082eb869115809473a117e1e
https://lists.apache.org/thread.html/6d1b9a75a004dab42c81e8aa149d90e6fd26ce8cd6d
https://lists.apache.org/thread.html/769fcc5f331b61c4d7ce16b807678e9a1799628d014

FAQ

What is CVE-2008-7220?

CVE-2008-7220 is a vulnerability with a CVSS score of 7.5 (HIGH). Unspecified vulnerability in Prototype JavaScript framework (prototypejs) before 1.6.0.2 allows attackers to make "cross-site ajax requests" via unknown vectors.

How severe is CVE-2008-7220?

CVE-2008-7220 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2008-7220?

Check the references section above for vendor advisories and patch information. Affected products include: Prototypejs Prototype, Debian Debian Linux.