CVE-2007-6385
Severity CVSS v4.0:
Pending analysis
Type:
CWE-287
Authentication Issues
Publication date:
15/12/2007
Last modified:
09/04/2025
Description
The proxy server in Kerio WinRoute Firewall before 6.4.1 does not properly enforce authentication for HTTPS pages, which has unknown impact and attack vectors. NOTE: it is not clear whether this issue crosses privilege boundaries.
Impact
Base Score 2.0
2.10
Severity 2.0
LOW
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:kerio:winroute_firewall:*:*:*:*:*:*:*:* | 6.4.0 (including) | |
cpe:2.3:a:kerio:winroute_firewall:5.0.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:kerio:winroute_firewall:5.0.2:*:*:*:*:*:*:* | ||
cpe:2.3:a:kerio:winroute_firewall:5.0.3:*:*:*:*:*:*:* | ||
cpe:2.3:a:kerio:winroute_firewall:5.0.4:*:*:*:*:*:*:* | ||
cpe:2.3:a:kerio:winroute_firewall:5.0.5:*:*:*:*:*:*:* | ||
cpe:2.3:a:kerio:winroute_firewall:5.0.6:*:*:*:*:*:*:* | ||
cpe:2.3:a:kerio:winroute_firewall:5.0.7:*:*:*:*:*:*:* | ||
cpe:2.3:a:kerio:winroute_firewall:5.0.8:*:*:*:*:*:*:* | ||
cpe:2.3:a:kerio:winroute_firewall:5.0.9:*:*:*:*:*:*:* | ||
cpe:2.3:a:kerio:winroute_firewall:5.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:kerio:winroute_firewall:5.1.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:kerio:winroute_firewall:5.1.2:*:*:*:*:*:*:* | ||
cpe:2.3:a:kerio:winroute_firewall:5.1.3:*:*:*:*:*:*:* | ||
cpe:2.3:a:kerio:winroute_firewall:5.1.4:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://osvdb.org/42122
- http://secunia.com/advisories/28072
- http://www.kerio.com/kwf_history.html
- http://www.securityfocus.com/bid/26851
- http://www.securitytracker.com/id?1019095=
- http://www.vupen.com/english/advisories/2007/4212
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39020
- http://osvdb.org/42122
- http://secunia.com/advisories/28072
- http://www.kerio.com/kwf_history.html
- http://www.securityfocus.com/bid/26851
- http://www.securitytracker.com/id?1019095=
- http://www.vupen.com/english/advisories/2007/4212
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39020