CVE-2007-4385
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
17/08/2007
Last modified:
09/04/2025
Description
OWASP Stinger before 2.5 allows remote attackers to bypass input validation routines by using multipart encoded requests instead of form-urlencoded requests. NOTE: this might be used to expose vulnerabilities in applications that would otherwise be protected by the validation routines.
Impact
Base Score 2.0
6.80
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:owasp:stinger:*:*:*:*:*:*:*:* | 2.4 (including) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://o0o.nu/~meder/o0o_bypassing_servlet_input_validation_filters.txt
- http://osvdb.org/39544
- http://secunia.com/advisories/26441
- http://securityreason.com/securityalert/3035
- http://www.securityfocus.com/archive/1/476288/100/0/threaded
- http://www.securityfocus.com/bid/25294
- http://www.securitytracker.com/id?1018555=
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35981
- http://o0o.nu/~meder/o0o_bypassing_servlet_input_validation_filters.txt
- http://osvdb.org/39544
- http://secunia.com/advisories/26441
- http://securityreason.com/securityalert/3035
- http://www.securityfocus.com/archive/1/476288/100/0/threaded
- http://www.securityfocus.com/bid/25294
- http://www.securitytracker.com/id?1018555=
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35981