PT-2007-3710 · Getahead · Getahead Dwr
Published
2007-04-30
·
Updated
2024-02-14
·
CVE-2007-2377
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Getahead Direct Web Remoting (DWR) framework version 1.1.4
Description
The DWR remoting endpoint returns data as JavaScript Object Notation (JSON), which is also syntactically valid JavaScript, and applies no protection scheme to that exchange. A remote attacker can therefore host a web page that references the endpoint's URL in the SRC attribute of a SCRIPT element: the victim's browser attaches the victim's session cookies to that request and executes the response as script, and other JavaScript on the attacker's page captures the values as they are evaluated. This technique is known as "JavaScript Hijacking." The impact is disclosure of any data the victim is authorized to retrieve through DWR (confidentiality only, consistent with the CVSS vector above).
Recommendations
For Getahead Direct Web Remoting (DWR) framework version 1.1.4, protect the JSON exchange so that a SCRIPT element on a third-party origin cannot obtain the data: prefix every response with a statement that cannot be evaluated as plain JavaScript (for example, one that throws) and have the application's own same-origin client strip that prefix before parsing; accept remoting calls only over POST with a session-bound secret token that the server verifies, since a SCRIPT element can only issue GET requests and cannot add custom headers; and avoid returning sensitive data as a bare JSON array or object literal. As a temporary workaround, restrict which remoted methods may return sensitive data and consider disabling JSON data exchange for those methods until a proper protection scheme is in place.
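The following is an added example illustrating both the weakness in the Description and the defences in the Recommendations; it is not DWR's own code. It simulates what a browser does with the body of a cross-site SCRIPT element (execute it) and contrasts a bare JSON response with one carrying a throwing prefix and a POST-plus-token check. The `SAMPLE` data, the `PREFIX` text, the `x-remoting-token` header name and the request/session shapes are all constructed for this example.

```javascript
// Added example (not from the DWR project). Constructed data that a remoted
// method might return for the logged-in user.
const SAMPLE = [{ user: "alice", email: "alice@example.test" }];

// Vulnerable pattern: the body is a bare JSON array literal. That is also a
// complete JavaScript program, so <script src="https://victim/remote"> on a
// hostile origin executes it with the victim's cookies attached to the request.
function vulnerableResponse(data) {
  return JSON.stringify(data);
}

// Defence 1: prefix the body with a statement that throws before any data is
// evaluated. A SCRIPT element can only execute the body, never read it; only a
// same-origin XMLHttpRequest client can read the raw text and strip the prefix.
// The prefix text itself is an assumption of this example.
const PREFIX = "throw 'script-tag remoting is not allowed';\n";
function hardenedResponse(data) {
  return PREFIX + JSON.stringify(data);
}

// Simulated browser: run the fetched body as a script. Returns true when the
// body executed to completion, i.e. the data was evaluated in the attacker's
// page; false when execution aborted before reaching the data.
function executesAsScript(body) {
  try {
    new Function(body)();
    return true;
  } catch (e) {
    return false;
  }
}

// The legitimate same-origin client: verify the framing, strip it, parse.
function parseHardened(body) {
  if (!body.startsWith(PREFIX)) {
    throw new Error("unexpected response framing");
  }
  return JSON.parse(body.slice(PREFIX.length));
}

// Defence 2: refuse requests a SCRIPT element can make. A script tag issues
// only GET and cannot set custom headers, so require POST and a per-session
// secret echoed back in a header (header name is hypothetical). The session
// cookie alone is not proof that the caller is the application's own page.
function handleRemotingRequest(req, session) {
  if (req.method !== "POST") {
    return { status: 405, body: "" };
  }
  const headers = req.headers || {};
  if (headers["x-remoting-token"] !== session.token) {
    return { status: 403, body: "" };
  }
  return { status: 200, body: hardenedResponse(SAMPLE) };
}
```

The prefix and the token check are complementary: the prefix stops a response that has already been fetched from yielding its data to a script tag, while the POST-plus-token requirement stops the cross-site request from succeeding in the first place.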
Fix
Related Identifiers
Affected Products
Getahead Dwr