CVE-2007-6385

Severity CVSS v4.0:
Pending analysis
Type:
CWE-287 Authentication Issues
Publication date:
15/12/2007
Last modified:
09/04/2025

Description

The proxy server in Kerio WinRoute Firewall before 6.4.1 does not properly enforce authentication for HTTPS pages, which has unknown impact and attack vectors. NOTE: it is not clear whether this issue crosses privilege boundaries.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:kerio:winroute_firewall:*:*:*:*:*:*:*:* 6.4.0 (including)
cpe:2.3:a:kerio:winroute_firewall:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:kerio:winroute_firewall:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:kerio:winroute_firewall:5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:kerio:winroute_firewall:5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:kerio:winroute_firewall:5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:kerio:winroute_firewall:5.0.6:*:*:*:*:*:*:*
cpe:2.3:a:kerio:winroute_firewall:5.0.7:*:*:*:*:*:*:*
cpe:2.3:a:kerio:winroute_firewall:5.0.8:*:*:*:*:*:*:*
cpe:2.3:a:kerio:winroute_firewall:5.0.9:*:*:*:*:*:*:*
cpe:2.3:a:kerio:winroute_firewall:5.1:*:*:*:*:*:*:*
cpe:2.3:a:kerio:winroute_firewall:5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:kerio:winroute_firewall:5.1.2:*:*:*:*:*:*:*
cpe:2.3:a:kerio:winroute_firewall:5.1.3:*:*:*:*:*:*:*
cpe:2.3:a:kerio:winroute_firewall:5.1.4:*:*:*:*:*:*:*