VAR-200710-0051
Vulnerability from variot - Updated: 2025-04-10 23:24
Cross-site scripting (XSS) vulnerability in the Server component in CA Host-Based Intrusion Prevention System (HIPS) before 8.0.0.93 allows remote attackers to inject arbitrary web script or HTML via requests that are written to logs for later display in the log viewer. Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible. This issue affects versions of CA HIPS prior to 8.0.0.93. CA Host-Based Intrusion Prevention System (HIPS) combines standalone firewall, intrusion detection, and intrusion prevention capabilities to provide proactive, centralized threat defense.
Input passed in certain requests to the server is not properly sanitised before being logged.
The vulnerability is reported in versions prior to 8.0.0.93.
SOLUTION: Apply patches. http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO91494
PROVIDED AND/OR DISCOVERED BY: The vendor credits David Maciejak.
ORIGINAL ADVISORY: http://supportconnectw.ca.com/public/cahips/infodocs/cahips-secnotice.asp
Title: [CAID 35754]: CA Host-Based Intrusion Prevention System (CA HIPS) Server Vulnerability
CA Vuln ID (CAID): 35754
CA Advisory Date: 2007-10-18
Reported By: David Maciejak
Impact: A remote attacker can take unauthorized administrative action. The vulnerability, CVE-2007-5472, occurs due to raw request data being displayed in the log when viewed by a browser. Note: The client installation is not vulnerable.
Mitigating Factors: The client installation is not vulnerable.
Severity: CA has given these vulnerabilities a maximum risk rating of Medium.
Affected Products: CA Host-Based Intrusion Prevention System (CA HIPS) r8
Affected Platforms: Windows
Status and Recommendation: CA has issued the following patch to address the vulnerabilities. CA Host-Based Intrusion Prevention System (CA HIPS) r8: QO91494
How to determine if you are affected:
1. Log in to the HIPS Administration Console.
2. Scroll down to the end of the Main page.
3. Press the "About" link on the right bottom side of the page.
4. Check the version. If the version is less than 8.0.0.93, the installation is vulnerable.
Workaround: None
References (URLs may wrap):
CA SupportConnect: http://supportconnect.ca.com/
Security Notice for CA Host-Based Intrusion Prevention System (CA HIPS) Server http://supportconnectw.ca.com/public/cahips/infodocs/cahips-secnotice.asp
Solution Document Reference APARs: QO91494
CA Security Advisor posting: CA Host-Based Intrusion Prevention System (CA HIPS) Server Vulnerability http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=158327
CA Vuln ID (CAID): 35754 http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35754
Reported By: David Maciejak
CVE References: CVE-2007-5472 - log content injection http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5472
OSVDB References: Pending http://osvdb.org/
Changelog for this advisory: v1.0 - Initial Release
Customers who require additional information should contact CA Technical Support at http://supportconnect.ca.com.
For technical questions or comments related to this advisory, please send email to vuln AT ca DOT com.
If you discover a vulnerability in CA products, please report your findings to vuln AT ca DOT com, or utilize our "Submit a Vulnerability" form. URL: http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx
Regards, Ken Williams ; 0xE2941985 Director, CA Vulnerability Research
CA, 1 CA Plaza, Islandia, NY 11749
Contact http://www.ca.com/us/contact/ Legal Notice http://www.ca.com/us/legal/ Privacy Policy http://www.ca.com/us/privacy/ Copyright (c) 2007 CA. All rights reserved.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200710-0051",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "host-based intrusion prevention system",
"scope": "lte",
"trust": 1.0,
"vendor": "broadcom",
"version": "8"
},
{
"model": "host-based intrusion prevention system",
"scope": "lt",
"trust": 0.8,
"vendor": "ca",
"version": "8.0.0.93"
},
{
"model": "host-based intrusion prevention system",
"scope": "eq",
"trust": 0.6,
"vendor": "ca",
"version": "8"
},
{
"model": "associates host-based intrusion prevention system",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.093"
}
],
"sources": [
{
"db": "BID",
"id": "26134"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002787"
},
{
"db": "CNNVD",
"id": "CNNVD-200710-426"
},
{
"db": "NVD",
"id": "CVE-2007-5472"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ca:host-based_intrusion_prevention_system",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-002787"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "David Maciejak\u203b david.maciejak@kyxar.fr",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200710-426"
}
],
"trust": 0.6
},
"cve": "CVE-2007-5472",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2007-5472",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-28834",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2007-5472",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2007-5472",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200710-426",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-28834",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-28834"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002787"
},
{
"db": "CNNVD",
"id": "CNNVD-200710-426"
},
{
"db": "NVD",
"id": "CVE-2007-5472"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in the Server component in CA Host-Based Intrusion Prevention System (HIPS) before 8.0.0.93 allows remote attackers to inject arbitrary web script or HTML via requests that are written to logs for later display in the log viewer. \nAttacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible. \nThis issue affects versions of CA HIPS prior to 8.0.0.93. CA-based host intrusion detection system (HIPS) combines independent firewall, intrusion detection and defense capabilities to provide active centralized threat defense. \n\n----------------------------------------------------------------------\n\nTry a new way to discover vulnerabilities that ALREADY EXIST in your\nIT infrastructure. \n\nThe Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT\nvulnerabilities in more than 4,700 different Windows applications. \n\nInput passed in certain requests to the server is not properly\nsanitised before being logged. \n\nThe vulnerability is reported in versions prior to 8.0.0.93. \n\nSOLUTION:\nApply patches. \nhttp://supportconnect.ca.com/sc/redir.jsp?reqPage=search\u0026searchID=QO91494\n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits David Maciejak. \n\nORIGINAL ADVISORY:\nhttp://supportconnectw.ca.com/public/cahips/infodocs/cahips-secnotice.asp\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. 
\n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nTitle: [CAID 35754]: CA Host-Based Intrusion Prevention System \n(CA HIPS) Server Vulnerability\n\nCA Vuln ID (CAID): 35754\n\nCA Advisory Date: 2007-10-18\n\nReported By: David Maciejak\n\nImpact: A remote attacker can take unauthorized administrative \naction. The \nvulnerability, CVE-2007-5472, occurs due to raw request data being \ndisplayed in the log when viewed by a browser. Note: The client \ninstallation is not vulnerable. \n\nMitigating Factors: The client installation is not vulnerable. \n\nSeverity: CA has given these vulnerabilities a maximum risk rating \nof Medium. \n\nAffected Products:\nCA Host-Based Intrusion Prevention System (CA HIPS) r8\n\nAffected Platforms:\nWindows\n\nStatus and Recommendation:\nCA has issued the following patch to address the vulnerabilities. \nCA Host-Based Intrusion Prevention System (CA HIPS) r8: QO91494\n\nHow to determine if you are affected:\n1. Log in to the HIPS Administration Console. \n2. Scroll down to the end of the Main page. \n3. Press the \"About\" link on the right bottom side of the page. \n4. Check the version. If the version is less than 8.0.0.93, the \n installation is vulnerable. 
\n\nWorkaround: None\n\nReferences (URLs may wrap):\nCA SupportConnect:\nhttp://supportconnect.ca.com/\nSecurity Notice for CA Host-Based Intrusion Prevention System \n(CA HIPS) Server\nhttp://supportconnectw.ca.com/public/cahips/infodocs/cahips-secnotice.asp\nSolution Document Reference APARs:\nQO91494\nCA Security Advisor posting:\nCA Host-Based Intrusion Prevention System (CA HIPS) Server \nVulnerability\nhttp://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=158327\nCA Vuln ID (CAID): 35754\nhttp://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35754\nReported By: \nDavid Maciejak\nCVE References:\nCVE-2007-5472 - log content injection\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5472\nOSVDB References: Pending\nhttp://osvdb.org/\n\nChangelog for this advisory:\nv1.0 - Initial Release\n\nCustomers who require additional information should contact CA\nTechnical Support at http://supportconnect.ca.com. \n\nFor technical questions or comments related to this advisory, \nplease send email to vuln AT ca DOT com. \n\nIf you discover a vulnerability in CA products, please report your\nfindings to vuln AT ca DOT com, or utilize our \"Submit a \nVulnerability\" form. \nURL: http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx\n\n\nRegards,\nKen Williams ; 0xE2941985\nDirector, CA Vulnerability Research\n\nCA, 1 CA Plaza, Islandia, NY 11749\n\t\nContact http://www.ca.com/us/contact/\nLegal Notice http://www.ca.com/us/legal/\nPrivacy Policy http://www.ca.com/us/privacy/\nCopyright (c) 2007 CA. All rights reserved. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP Desktop 9.5.3 (Build 5003)\n\nwj8DBQFHGLWAeSWR3+KUGYURAlHTAJ9Wee7boFMoFj8p/dsrJl7YbkWmvQCbBeJ0\nYlGWH5DdYWfAT3nGzaxImnk=\n=bkku\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-5472"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002787"
},
{
"db": "BID",
"id": "26134"
},
{
"db": "VULHUB",
"id": "VHN-28834"
},
{
"db": "PACKETSTORM",
"id": "60238"
},
{
"db": "PACKETSTORM",
"id": "60283"
}
],
"trust": 2.16
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-28834",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-28834"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-5472",
"trust": 2.9
},
{
"db": "BID",
"id": "26134",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "27301",
"trust": 1.8
},
{
"db": "VUPEN",
"id": "ADV-2007-3547",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1018839",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "37998",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002787",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200710-426",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "60283",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-28834",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "60238",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-28834"
},
{
"db": "BID",
"id": "26134"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002787"
},
{
"db": "PACKETSTORM",
"id": "60238"
},
{
"db": "PACKETSTORM",
"id": "60283"
},
{
"db": "CNNVD",
"id": "CNNVD-200710-426"
},
{
"db": "NVD",
"id": "CVE-2007-5472"
}
]
},
"id": "VAR-200710-0051",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-28834"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-10T23:24:22.859000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Notice for CA Host-Based Intrusion Prevention System (CA HIPS) Server",
"trust": 0.8,
"url": "http://supportconnectw.ca.com/public/cahips/infodocs/cahips-secnotice.asp"
},
{
"title": "CA Host-based intrusion detection system server HTML Fixes for code injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=147099"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-002787"
},
{
"db": "CNNVD",
"id": "CNNVD-200710-426"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-28834"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002787"
},
{
"db": "NVD",
"id": "CVE-2007-5472"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://supportconnectw.ca.com/public/cahips/infodocs/cahips-secnotice.asp"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/26134"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/482536/100/0/threaded"
},
{
"trust": 1.7,
"url": "http://osvdb.org/37998"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1018839"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/27301"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2007/3547"
},
{
"trust": 1.7,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37285"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5472"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-5472"
},
{
"trust": 0.3,
"url": "http://www.ca.com"
},
{
"trust": 0.3,
"url": "/archive/1/482536"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/27301/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/network_software_inspector/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/16198/"
},
{
"trust": 0.1,
"url": "http://supportconnect.ca.com/sc/redir.jsp?reqpage=search\u0026searchid=qo91494"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/privacy/"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx"
},
{
"trust": 0.1,
"url": "http://supportconnect.ca.com."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-5472"
},
{
"trust": 0.1,
"url": "http://osvdb.org/"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35754"
},
{
"trust": 0.1,
"url": "http://supportconnect.ca.com/"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/contact/"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/legal/"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=158327"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-28834"
},
{
"db": "BID",
"id": "26134"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002787"
},
{
"db": "PACKETSTORM",
"id": "60238"
},
{
"db": "PACKETSTORM",
"id": "60283"
},
{
"db": "CNNVD",
"id": "CNNVD-200710-426"
},
{
"db": "NVD",
"id": "CVE-2007-5472"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-28834"
},
{
"db": "BID",
"id": "26134"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002787"
},
{
"db": "PACKETSTORM",
"id": "60238"
},
{
"db": "PACKETSTORM",
"id": "60283"
},
{
"db": "CNNVD",
"id": "CNNVD-200710-426"
},
{
"db": "NVD",
"id": "CVE-2007-5472"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-10-22T00:00:00",
"db": "VULHUB",
"id": "VHN-28834"
},
{
"date": "2007-10-18T00:00:00",
"db": "BID",
"id": "26134"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-002787"
},
{
"date": "2007-10-22T18:39:08",
"db": "PACKETSTORM",
"id": "60238"
},
{
"date": "2007-10-22T22:50:26",
"db": "PACKETSTORM",
"id": "60283"
},
{
"date": "2007-10-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200710-426"
},
{
"date": "2007-10-22T19:46:00",
"db": "NVD",
"id": "CVE-2007-5472"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-15T00:00:00",
"db": "VULHUB",
"id": "VHN-28834"
},
{
"date": "2007-10-19T19:47:00",
"db": "BID",
"id": "26134"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-002787"
},
{
"date": "2021-04-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200710-426"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2007-5472"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "60283"
},
{
"db": "CNNVD",
"id": "CNNVD-200710-426"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CA HIPS of Server Component cross-site scripting vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-002787"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200710-426"
}
],
"trust": 0.6
}
}