ByteOS Network

Vulnerability Details :

CVE-2007-3821

Assigner-mitre

Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At-17 Jul, 2007 | 01:00

Updated At-07 Aug, 2024 | 14:28

Cross-site request forgery (CSRF) vulnerability in Webcit before 7.11 allows remote attackers to modify configurations and perform other actions as arbitrary users via unspecified vectors.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:mitre

Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At:17 Jul, 2007 | 01:00

Updated At:07 Aug, 2024 | 14:28

▼CVE Numbering Authority (CNA)

Cross-site request forgery (CSRF) vulnerability in Webcit before 7.11 allows remote attackers to modify configurations and perform other actions as arbitrary users via unspecified vectors.

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
http://osvdb.org/38181	vdb-entry x_refsource_OSVDB
http://www.securityfocus.com/bid/24913	vdb-entry x_refsource_BID
http://securityreason.com/securityalert/2890	third-party-advisory x_refsource_SREASON
http://www.securityfocus.com/archive/1/473714/100/0/threaded	mailing-list x_refsource_BUGTRAQ
http://secunia.com/advisories/26090	third-party-advisory x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/35432	vdb-entry x_refsource_XF

Hyperlink: http://osvdb.org/38181

Resource:

vdb-entry

x_refsource_OSVDB

Hyperlink: http://www.securityfocus.com/bid/24913

Resource:

vdb-entry

x_refsource_BID

Hyperlink: http://securityreason.com/securityalert/2890

Resource:

third-party-advisory

x_refsource_SREASON

Hyperlink: http://www.securityfocus.com/archive/1/473714/100/0/threaded

Resource:

mailing-list

x_refsource_BUGTRAQ

Hyperlink: http://secunia.com/advisories/26090

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/35432

Resource:

vdb-entry

x_refsource_XF

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
http://osvdb.org/38181	vdb-entry x_refsource_OSVDB x_transferred
http://www.securityfocus.com/bid/24913	vdb-entry x_refsource_BID x_transferred
http://securityreason.com/securityalert/2890	third-party-advisory x_refsource_SREASON x_transferred
http://www.securityfocus.com/archive/1/473714/100/0/threaded	mailing-list x_refsource_BUGTRAQ x_transferred
http://secunia.com/advisories/26090	third-party-advisory x_refsource_SECUNIA x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/35432	vdb-entry x_refsource_XF x_transferred

Hyperlink: http://osvdb.org/38181

Resource:

vdb-entry

x_refsource_OSVDB

x_transferred

Hyperlink: http://www.securityfocus.com/bid/24913

Resource:

vdb-entry

x_refsource_BID

x_transferred

Hyperlink: http://securityreason.com/securityalert/2890

Resource:

third-party-advisory

x_refsource_SREASON

x_transferred

Hyperlink: http://www.securityfocus.com/archive/1/473714/100/0/threaded

Resource:

mailing-list

x_refsource_BUGTRAQ

x_transferred

Hyperlink: http://secunia.com/advisories/26090

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/35432

Resource:

vdb-entry

x_refsource_XF

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cve@mitre.org

Published At:17 Jul, 2007 | 01:30

Updated At:15 Oct, 2018 | 21:31

Cross-site request forgery (CSRF) vulnerability in Webcit before 7.11 allows remote attackers to modify configurations and perform other actions as arbitrary users via unspecified vectors.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P

Type: Primary

Version: 2.0

Base score: 7.5

Base severity: HIGH

Vector:

AV:N/AC:L/Au:N/C:P/I:P/A:P

CPE Matches

citadel>>webcit>>Versions up to 7.10(inclusive)

cpe:2.3:a:citadel:webcit:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-Other	Primary	nvd@nist.gov

CWE ID: NVD-CWE-Other

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://osvdb.org/38181	cve@mitre.org	N/A
http://secunia.com/advisories/26090	cve@mitre.org	Vendor Advisory
http://securityreason.com/securityalert/2890	cve@mitre.org	N/A
http://www.securityfocus.com/archive/1/473714/100/0/threaded	cve@mitre.org	N/A
http://www.securityfocus.com/bid/24913	cve@mitre.org	Exploit Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/35432	cve@mitre.org	N/A

Hyperlink: http://osvdb.org/38181

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://secunia.com/advisories/26090

Source: cve@mitre.org

Resource:

Vendor Advisory

Hyperlink: http://securityreason.com/securityalert/2890

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.securityfocus.com/archive/1/473714/100/0/threaded

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.securityfocus.com/bid/24913

Source: cve@mitre.org

Resource:

Exploit

Patch

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/35432

Source: cve@mitre.org

Resource: N/A

Similar CVEs

3Records found

CVE-2008-0394

Matching Score-8

Assigner-MITRE Corporation

View Details

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-7.5||HIGH

EPSS-15.37% / 94.37%

7 Day CHG~0.00%

Published-23 Jan, 2008 | 11:00

Updated-07 Aug, 2024 | 07:46

Buffer overflow in Citadel SMTP server 7.10 and earlier allows remote attackers to execute arbitrary code via a long RCPT TO command, which is not properly handled by the makeuserkey function. NOTE: some of these details were obtained from third party information.

Vendor-citadel n/a

Product-smtp n/a

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2009-0364

Matching Score-8

Assigner-MITRE Corporation

View Details

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-7.5||HIGH

EPSS-1.62% / 81.11%

7 Day CHG~0.00%

Published-24 Mar, 2009 | 19:00

Updated-07 Aug, 2024 | 04:31

Format string vulnerability in the mini_calendar component in Citadel.org WebCit 7.22, and other versions before 7.39, allows remote attackers to execute arbitrary code via unspecified vectors.

Vendor-citadel n/a

Product-webcit n/a

CWE ID-CWE-134

Use of Externally-Controlled Format String

CVE-2020-27739

Matching Score-8

Assigner-MITRE Corporation

View Details

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-9.8||CRITICAL

EPSS-2.23% / 83.84%

7 Day CHG~0.00%

Published-28 Oct, 2020 | 18:44

Updated-04 Aug, 2024 | 16:18

A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated remote attackers to hijack recently logged-in users' sessions. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread.

Vendor-citadel n/a

Product-webcit n/a

CWE ID-CWE-613

Insufficient Session Expiration

CVE-2007-3821

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs