| Vulnerability Name: | CVE-2007-3502 (CCN-35130) | ||||||||
| Assigned: | 2007-06-21 | ||||||||
| Published: | 2007-06-21 | ||||||||
| Updated: | 2017-07-29 | ||||||||
| Summary: | Unspecified vulnerability in the web-based product configuration system in Kaspersky Anti-Spam before 3.0 MP1 allows remote attackers to obtain access to certain directories. | ||||||||
| CVSS v3 Severity: | 4.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P) 5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
2.7 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Bypass Security | ||||||||
| References: | Source: MITRE Type: CNA CVE-2007-3502 Source: OSVDB Type: UNKNOWN 37217 Source: CCN Type: SA25857 Kaspersky Anti-Spam Directory Access Authentication Bypass Source: SECUNIA Type: Vendor Advisory 25857 Source: CCN Type: SECTRACK ID: 1018324 Kaspersky Anti-Spam Product Configuration System Grants Directory Access to Users Source: CCN Type: Kaspersky Tech News 06.21.2007 Critical Fix 1 for Kaspersky Anti-Spam 3.0 MP1 (CF1 3.0.274.0) Source: CONFIRM Type: Patch http://www.kaspersky.com/technews?id=203038700 Source: CCN Type: OSVDB ID: 37217 Kaspersky Anti-Spam Control Center Web Config aslic_status.cgi Directory Listing Source: BID Type: UNKNOWN 24692 Source: CCN Type: BID-24692 Kaspersky Anti-Spam Unauthorized Directory Access Authentication Bypass Vulnerability Source: SECTRACK Type: UNKNOWN 1018324 Source: VUPEN Type: UNKNOWN ADV-2007-2382 Source: XF Type: UNKNOWN kaspersky-antispam-security-bypass(35130) Source: XF Type: UNKNOWN kaspersky-antispam-security-bypass(35130) | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||