PT-2007-1668 · Getahead · Getahead Direct Web Remoting

Published

2007-01-11

Updated

2022-05-01

CVE-2007-0184

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Getahead Direct Web Remoting (DWR) versions prior to 1.1.4

Description The issue allows attackers to obtain unauthorized access to public methods via a crafted request that bypasses the include/exclude checks.

Recommendations For versions prior to 1.1.4, update to version 1.1.4 or later to resolve the issue.

Fix

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863

Related Identifiers

CVE-2007-0184

GHSA-384C-GG34-G96H

Affected Products

Getahead Direct Web Remoting

PT-2007-1668 · Getahead · Getahead Direct Web Remoting

CVE-2007-0184

Weakness Enumeration

Related Identifiers

Affected Products

References · 10