CVE-2007-0975 - Vulnerability Details - OpenCVE

Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache Stats	Apache Stats

Configuration 1 [-]

OR	cpe:2.3:a:apache_stats:apache_stats:0.0.1_beta:::::::*
	cpe:2.3:a:apache_stats:apache_stats:0.0.2_beta:::::::*

No data.

References

Link	Providers
http://sourceforge.net/forum/forum.php?forum_id=660919
http://superb-east.dl.sourceforge.net/sourceforge/apachestats/apacheStats_0.0.3Beta.tar.bz2
http://www.vupen.com/english/advisories/2007/0598

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-02-16T01:00:00

Updated: 2024-08-07T12:43:21.544Z

Reserved: 2007-02-15T00:00:00

Link: CVE-2007-0975

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-02-16T01:28:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-0975

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-02-02T00:00:00", "descriptions": [{"lang": "en", "value": "Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2009-02-26T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://superb-east.dl.sourceforge.net/sourceforge/apachestats/apacheStats_0.0.3Beta.tar.bz2"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/forum/forum.php?forum_id=660919"}, {"name": "ADV-2007-0598", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/0598"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-0975", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://superb-east.dl.sourceforge.net/sourceforge/apachestats/apacheStats_0.0.3Beta.tar.bz2", "refsource": "CONFIRM", "url": "http://superb-east.dl.sourceforge.net/sourceforge/apachestats/apacheStats_0.0.3Beta.tar.bz2"}, {"name": "http://sourceforge.net/forum/forum.php?forum_id=660919", "refsource": "CONFIRM", "url": "http://sourceforge.net/forum/forum.php?forum_id=660919"}, {"name": "ADV-2007-0598", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0598"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T12:43:21.544Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://superb-east.dl.sourceforge.net/sourceforge/apachestats/apacheStats_0.0.3Beta.tar.bz2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://sourceforge.net/forum/forum.php?forum_id=660919"}, {"name": "ADV-2007-0598", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/0598"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-0975", "datePublished": "2007-02-16T01:00:00", "dateReserved": "2007-02-15T00:00:00", "dateUpdated": "2024-08-07T12:43:21.544Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache_stats:apache_stats:0.0.1_beta:*:*:*:*:*:*:*", "matchCriteriaId": "6F90898A-2776-4472-8528-0EA04125F0CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache_stats:apache_stats:0.0.2_beta:*:*:*:*:*:*:*", "matchCriteriaId": "32AAD63C-C5E1-4F7A-B99C-556508876F0B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array."}, {"lang": "es", "value": "Vulnerabilidad de extracci\u00f3n de variables en Ian Bezanson Apache Stats versiones anteriores a 0.0.3 beta permite a atacantes remotos sobre-escribir variables cr\u00edticas, con impacto desconocido, que la funci\u00f3n de extracci\u00f3n se usa en el array superglobal _REQUEST."}], "id": "CVE-2007-0975", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-02-16T01:28:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://sourceforge.net/forum/forum.php?forum_id=660919"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://superb-east.dl.sourceforge.net/sourceforge/apachestats/apacheStats_0.0.3Beta.tar.bz2"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/0598"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://sourceforge.net/forum/forum.php?forum_id=660919"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://superb-east.dl.sourceforge.net/sourceforge/apachestats/apacheStats_0.0.3Beta.tar.bz2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/0598"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}