Vulnerability Name:

CVE-2007-4650 (CCN-36474)

Assigned:2007-08-29
Published:2007-08-29
Updated:2011-03-08
Summary:Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow attackers to (1) rename items, (2) read and modify item properties, or (3) lock and replace items via unknown vectors in (a) the WebDAV module; and (4) edit unspecified data files using "linked items" in WebDAV and (b) Reupload modules.
CVSS v3 Severity:4.8 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availability (A): None
CVSS v2 Severity:6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N)
4.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): None
4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N)
3.0 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): None
Vulnerability Type:CWE-noinfo
CWE-264
Vulnerability Consequences:Data Manipulation
References:Source: CONFIRM
Type: UNKNOWN
http://bugs.gentoo.org/show_bug.cgi?id=191587

Source: MITRE
Type: CNA
CVE-2007-4650

Source: CCN
Type: Gallery Web site
Gallery 2.2.3 Security Fix Release (security bugs in the WebDAV and Reupload modules)

Source: CONFIRM
Type: Patch
http://gallery.menalto.com/gallery_2.2.3_released

Source: OSVDB
Type: UNKNOWN
41657

Source: OSVDB
Type: UNKNOWN
41658

Source: CCN
Type: SA26716
Gallery WebDAV and Reupload Module Data Manipulation Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
26716

Source: SECUNIA
Type: UNKNOWN
26719

Source: SECUNIA
Type: UNKNOWN
27502

Source: SECUNIA
Type: UNKNOWN
27594

Source: GENTOO
Type: UNKNOWN
GLSA-200711-03

Source: DEBIAN
Type: UNKNOWN
DSA-1404

Source: DEBIAN
Type: DSA-1404
gallery2 -- programming error

Source: CCN
Type: GLSA-200711-03
Gallery: Multiple vulnerabilities

Source: CCN
Type: OSVDB ID: 41657
Gallery WebDAV Module Unspecified File Manipulation

Source: CCN
Type: OSVDB ID: 41658
Gallery Reupload Module Linked Item Unspecified File Manipulation

Source: BID
Type: UNKNOWN
25580

Source: CCN
Type: BID-25580
Gallery Multiple Unauthorized Access Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2007-3072

Source: MISC
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=267421

Source: XF
Type: UNKNOWN
gallery-multiple-data-manipulation(36474)

Source: FEDORA
Type: UNKNOWN
FEDORA-2007-2020

Vulnerable Configuration:Configuration 1:
  • cpe:/a:bharat_mediratta:gallery:*:*:*:*:*:*:*:* (Version <= 2.2.2)

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID                  Class  Title                                       Last Modified
    oval:org.mitre.oval:def:18693  P      DSA-1404-1 gallery2 - privilege escalation  2014-06-23
    oval:org.debian:def:1404       V      programming error                           2007-11-08
    bharat_mediratta gallery *