PT-2007-3194 · Apache · Apache Http Server

Gold_M

Published

2007-04-03

Updated

2017-10-11

CVE-2007-1842

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: JSBoard versions prior to 2.0.12

Description: A directory traversal issue exists, allowing remote attackers to include and execute arbitrary local files by injecting a .. (dot dot) in the table parameter of the login.php file. This can be used to inject PHP sequences into an Apache HTTP Server log file.

Recommendations: For versions prior to 2.0.12, update to version 2.0.12 or later to resolve the issue. As a temporary workaround, consider restricting access to the login.php file to minimize the risk of exploitation. Avoid using the table parameter in the login.php file until the issue is resolved.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-1842

Affected Products

Apache Http Server

PT-2007-3194 · Apache · Apache Http Server

CVE-2007-1842

Related Identifiers

Affected Products

References · 8