Vulnerability Details CVE-2007-5113
report.cgi in Google Urchin allows remote attackers to bypass authentication and obtain sensitive information (web server logs) via certain modified query parameters, as demonstrated using the profile, rid, prefs, n, vid, bd, ed, dt, and gtype parameters, a different vulnerability than CVE-2007-5112.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.029
EPSS Ranking 85.7%
CVSS Severity
CVSS v2 Score 5.0
References
- http://ha.ckers.org/blog/20070823/xss-and-possible-information-disclosure-in-urchin/
- http://securityvulns.ru/Sdocument90.html
- http://websecurity.com.ua/1283/
- http://www.securityfocus.com/archive/1/482006/100/0/threaded
- http://www.securityfocus.com/bid/26037
- http://ha.ckers.org/blog/20070823/xss-and-possible-information-disclosure-in-urchin/
- http://securityvulns.ru/Sdocument90.html
- http://websecurity.com.ua/1283/
- http://www.securityfocus.com/archive/1/482006/100/0/threaded
- http://www.securityfocus.com/bid/26037
Products affected by CVE-2007-5113
-
cpe:2.3:a:roi_revolution:urchin:*