cvelistv5 - cve-2007-4909

CVE-2007-4909 (GCVE-0-2007-4909)

Vulnerability from cvelistv5 – Published: 2007-09-17 17:00 – Updated: 2024-08-07 15:08

Summary

Interpretation conflict in WinSCP before 4.0.4 allows remote attackers to perform arbitrary file transfers with a remote server via file-transfer commands in the final portion of a (1) scp, and possibly a (2) sftp or (3) ftp, URL, as demonstrated by a URL specifying login to the remote server with a username of scp, which is interpreted as an HTTP scheme name by the protocol handler in a web browser, but is interpreted as a username by WinSCP. NOTE: this is related to an incomplete fix for CVE-2006-3015.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://winscp.cvs.sourceforge.net/winscp/winscp3/…	x_refsource_MISC
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://securityreason.com/securityalert/3141	third-party-advisoryx_refsource_SREASON
	http://www.securityfocus.com/bid/25655	vdb-entryx_refsource_BID
	http://winscp.net/eng/docs/history/	x_refsource_CONFIRM
	http://secunia.com/advisories/26820	third-party-advisoryx_refsource_SECUNIA
	http://www.securitytracker.com/id?1018697	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/archive/1/479298/100…	mailing-listx_refsource_BUGTRAQ

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:08:33.919Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://winscp.cvs.sourceforge.net/winscp/winscp3/core/SessionData.cpp?r1=1.29\u0026r2=1.30"
          },
          {
            "name": "winscp-scpsftp-command-execution(36591)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36591"
          },
          {
            "name": "3141",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3141"
          },
          {
            "name": "25655",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/25655"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://winscp.net/eng/docs/history/"
          },
          {
            "name": "26820",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26820"
          },
          {
            "name": "1018697",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018697"
          },
          {
            "name": "20070913 WinSCP \u003c 4.04 url protocol handler flaw",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/479298/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-09-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Interpretation conflict in WinSCP before 4.0.4 allows remote attackers to perform arbitrary file transfers with a remote server via file-transfer commands in the final portion of a (1) scp, and possibly a (2) sftp or (3) ftp, URL, as demonstrated by a URL specifying login to the remote server with a username of scp, which is interpreted as an HTTP scheme name by the protocol handler in a web browser, but is interpreted as a username by WinSCP.  NOTE: this is related to an incomplete fix for CVE-2006-3015."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://winscp.cvs.sourceforge.net/winscp/winscp3/core/SessionData.cpp?r1=1.29\u0026r2=1.30"
        },
        {
          "name": "winscp-scpsftp-command-execution(36591)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36591"
        },
        {
          "name": "3141",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3141"
        },
        {
          "name": "25655",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/25655"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://winscp.net/eng/docs/history/"
        },
        {
          "name": "26820",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26820"
        },
        {
          "name": "1018697",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018697"
        },
        {
          "name": "20070913 WinSCP \u003c 4.04 url protocol handler flaw",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/479298/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-4909",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Interpretation conflict in WinSCP before 4.0.4 allows remote attackers to perform arbitrary file transfers with a remote server via file-transfer commands in the final portion of a (1) scp, and possibly a (2) sftp or (3) ftp, URL, as demonstrated by a URL specifying login to the remote server with a username of scp, which is interpreted as an HTTP scheme name by the protocol handler in a web browser, but is interpreted as a username by WinSCP.  NOTE: this is related to an incomplete fix for CVE-2006-3015."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://winscp.cvs.sourceforge.net/winscp/winscp3/core/SessionData.cpp?r1=1.29\u0026r2=1.30",
              "refsource": "MISC",
              "url": "http://winscp.cvs.sourceforge.net/winscp/winscp3/core/SessionData.cpp?r1=1.29\u0026r2=1.30"
            },
            {
              "name": "winscp-scpsftp-command-execution(36591)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36591"
            },
            {
              "name": "3141",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3141"
            },
            {
              "name": "25655",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/25655"
            },
            {
              "name": "http://winscp.net/eng/docs/history/",
              "refsource": "CONFIRM",
              "url": "http://winscp.net/eng/docs/history/"
            },
            {
              "name": "26820",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26820"
            },
            {
              "name": "1018697",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018697"
            },
            {
              "name": "20070913 WinSCP \u003c 4.04 url protocol handler flaw",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/479298/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-4909",
    "datePublished": "2007-09-17T17:00:00",
    "dateReserved": "2007-09-17T00:00:00",
    "dateUpdated": "2024-08-07T15:08:33.919Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:winscp:winscp:2.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"833B5B6D-9A6B-4F25-81B0-F27D82940F8D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:winscp:winscp:3.5.5_beta:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1441C593-8BA8-4D10-BE13-4D4D01B5ACB9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:winscp:winscp:3.5.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9FEE92BE-F80D-481E-95DF-2C33E8DE3D3B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:winscp:winscp:3.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"61A75DF1-1A3E-4898-B7A6-750F9FA8D1A6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:winscp:winscp:3.6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"79C692ED-9C28-4CAA-B72A-4CCC78AE8680\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:winscp:winscp:3.6.5_beta:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D214F458-12B5-4280-AF10-33426933992E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:winscp:winscp:3.6.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BD7FE4B2-2433-4B7F-BFA2-DCDEC32F329E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:winscp:winscp:3.6.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B57BACA5-6820-48BB-906F-6AA010429F18\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:winscp:winscp:3.8.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA9F9BEF-14B6-429B-915F-45958C568F76\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:winscp:winscp:3.8.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"89254511-B715-4515-AA6F-86133A2182CD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:winscp:winscp:4.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FDD786A3-A146-4E4B-90C4-D9F8A2E7D986\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:winscp:winscp:4.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"200669EB-F6A1-4C6F-9939-EB3ADB472161\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Interpretation conflict in WinSCP before 4.0.4 allows remote attackers to perform arbitrary file transfers with a remote server via file-transfer commands in the final portion of a (1) scp, and possibly a (2) sftp or (3) ftp, URL, as demonstrated by a URL specifying login to the remote server with a username of scp, which is interpreted as an HTTP scheme name by the protocol handler in a web browser, but is interpreted as a username by WinSCP.  NOTE: this is related to an incomplete fix for CVE-2006-3015.\"}, {\"lang\": \"es\", \"value\": \"Conflicto de interpretaci\\u00f3n en WinSCP anterior a 4.0.4 permite a atacantes remotos llevar a cabo transferencias de archvios de su elecci\\u00f3n con un servidor remoto a trav\\u00e9s de comandos de transferencia de archivos en la porci\\u00f3n final de un (1) scp, y posiblemente un (2)sftp o (3) ftp, URL, tal y como se demostr\\u00f3 con la validaci\\u00f3n de una URL espec\\u00edfica en un servidor remoto con un nombre de usuario de scp, el cual es interpretado como un nombre de esquema HTTP a trav\\u00e9s del manejador de protocolo del navegador web, pero este es interpretado como un nombre de usuario por WinSCP. NOTA: esto est\\u00e1 relacionado con un parche incompleto para CVE-2006-3015.\"}]",
      "id": "CVE-2007-4909",
      "lastModified": "2024-11-21T00:36:41.780",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2007-09-17T17:17:00.000",
      "references": "[{\"url\": \"http://secunia.com/advisories/26820\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/3141\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://winscp.cvs.sourceforge.net/winscp/winscp3/core/SessionData.cpp?r1=1.29\u0026r2=1.30\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://winscp.net/eng/docs/history/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/479298/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/25655\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securitytracker.com/id?1018697\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/36591\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/26820\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/3141\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://winscp.cvs.sourceforge.net/winscp/winscp3/core/SessionData.cpp?r1=1.29\u0026r2=1.30\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://winscp.net/eng/docs/history/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/479298/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/25655\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securitytracker.com/id?1018697\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/36591\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-264\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-4909\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-09-17T17:17:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Interpretation conflict in WinSCP before 4.0.4 allows remote attackers to perform arbitrary file transfers with a remote server via file-transfer commands in the final portion of a (1) scp, and possibly a (2) sftp or (3) ftp, URL, as demonstrated by a URL specifying login to the remote server with a username of scp, which is interpreted as an HTTP scheme name by the protocol handler in a web browser, but is interpreted as a username by WinSCP.  NOTE: this is related to an incomplete fix for CVE-2006-3015.\"},{\"lang\":\"es\",\"value\":\"Conflicto de interpretaci\u00f3n en WinSCP anterior a 4.0.4 permite a atacantes remotos llevar a cabo transferencias de archvios de su elecci\u00f3n con un servidor remoto a trav\u00e9s de comandos de transferencia de archivos en la porci\u00f3n final de un (1) scp, y posiblemente un (2)sftp o (3) ftp, URL, tal y como se demostr\u00f3 con la validaci\u00f3n de una URL espec\u00edfica en un servidor remoto con un nombre de usuario de scp, el cual es interpretado como un nombre de esquema HTTP a trav\u00e9s del manejador de protocolo del navegador web, pero este es interpretado como un nombre de usuario por WinSCP. NOTA: esto est\u00e1 relacionado con un parche incompleto para CVE-2006-3015.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:winscp:winscp:2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"833B5B6D-9A6B-4F25-81B0-F27D82940F8D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:winscp:winscp:3.5.5_beta:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1441C593-8BA8-4D10-BE13-4D4D01B5ACB9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:winscp:winscp:3.5.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FEE92BE-F80D-481E-95DF-2C33E8DE3D3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:winscp:winscp:3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"61A75DF1-1A3E-4898-B7A6-750F9FA8D1A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:winscp:winscp:3.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"79C692ED-9C28-4CAA-B72A-4CCC78AE8680\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:winscp:winscp:3.6.5_beta:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D214F458-12B5-4280-AF10-33426933992E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:winscp:winscp:3.6.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD7FE4B2-2433-4B7F-BFA2-DCDEC32F329E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:winscp:winscp:3.6.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B57BACA5-6820-48BB-906F-6AA010429F18\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:winscp:winscp:3.8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA9F9BEF-14B6-429B-915F-45958C568F76\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:winscp:winscp:3.8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"89254511-B715-4515-AA6F-86133A2182CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:winscp:winscp:4.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FDD786A3-A146-4E4B-90C4-D9F8A2E7D986\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:winscp:winscp:4.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"200669EB-F6A1-4C6F-9939-EB3ADB472161\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/26820\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/3141\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://winscp.cvs.sourceforge.net/winscp/winscp3/core/SessionData.cpp?r1=1.29\u0026r2=1.30\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://winscp.net/eng/docs/history/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/479298/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/25655\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securitytracker.com/id?1018697\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/36591\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/26820\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/3141\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://winscp.cvs.sourceforge.net/winscp/winscp3/core/SessionData.cpp?r1=1.29\u0026r2=1.30\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://winscp.net/eng/docs/history/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/479298/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/25655\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securitytracker.com/id?1018697\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/36591\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2007-4909

Vulnerability from fkie_nvd - Published: 2007-09-17 17:17 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/26820	Patch, Vendor Advisory
cve@mitre.org	http://securityreason.com/securityalert/3141
cve@mitre.org	http://winscp.cvs.sourceforge.net/winscp/winscp3/core/SessionData.cpp?r1=1.29&r2=1.30
cve@mitre.org	http://winscp.net/eng/docs/history/
cve@mitre.org	http://www.securityfocus.com/archive/1/479298/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/25655	Patch
cve@mitre.org	http://www.securitytracker.com/id?1018697
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/36591
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26820	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/3141
af854a3a-2127-422b-91ae-364da2661108	http://winscp.cvs.sourceforge.net/winscp/winscp3/core/SessionData.cpp?r1=1.29&r2=1.30
af854a3a-2127-422b-91ae-364da2661108	http://winscp.net/eng/docs/history/
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/479298/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/25655	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1018697
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/36591

Impacted products

Vendor	Product	Version
winscp	winscp	2.0.0
winscp	winscp	3.5.5_beta
winscp	winscp	3.5.6
winscp	winscp	3.6
winscp	winscp	3.6.1
winscp	winscp	3.6.5_beta
winscp	winscp	3.6.6
winscp	winscp	3.6.7
winscp	winscp	3.8.1
winscp	winscp	3.8.2
winscp	winscp	4.0.2
winscp	winscp	4.0.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:winscp:winscp:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "833B5B6D-9A6B-4F25-81B0-F27D82940F8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:winscp:winscp:3.5.5_beta:*:*:*:*:*:*:*",
              "matchCriteriaId": "1441C593-8BA8-4D10-BE13-4D4D01B5ACB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:winscp:winscp:3.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FEE92BE-F80D-481E-95DF-2C33E8DE3D3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:winscp:winscp:3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "61A75DF1-1A3E-4898-B7A6-750F9FA8D1A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:winscp:winscp:3.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "79C692ED-9C28-4CAA-B72A-4CCC78AE8680",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:winscp:winscp:3.6.5_beta:*:*:*:*:*:*:*",
              "matchCriteriaId": "D214F458-12B5-4280-AF10-33426933992E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:winscp:winscp:3.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD7FE4B2-2433-4B7F-BFA2-DCDEC32F329E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:winscp:winscp:3.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B57BACA5-6820-48BB-906F-6AA010429F18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:winscp:winscp:3.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA9F9BEF-14B6-429B-915F-45958C568F76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:winscp:winscp:3.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "89254511-B715-4515-AA6F-86133A2182CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:winscp:winscp:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDD786A3-A146-4E4B-90C4-D9F8A2E7D986",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:winscp:winscp:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "200669EB-F6A1-4C6F-9939-EB3ADB472161",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Interpretation conflict in WinSCP before 4.0.4 allows remote attackers to perform arbitrary file transfers with a remote server via file-transfer commands in the final portion of a (1) scp, and possibly a (2) sftp or (3) ftp, URL, as demonstrated by a URL specifying login to the remote server with a username of scp, which is interpreted as an HTTP scheme name by the protocol handler in a web browser, but is interpreted as a username by WinSCP.  NOTE: this is related to an incomplete fix for CVE-2006-3015."
    },
    {
      "lang": "es",
      "value": "Conflicto de interpretaci\u00f3n en WinSCP anterior a 4.0.4 permite a atacantes remotos llevar a cabo transferencias de archvios de su elecci\u00f3n con un servidor remoto a trav\u00e9s de comandos de transferencia de archivos en la porci\u00f3n final de un (1) scp, y posiblemente un (2)sftp o (3) ftp, URL, tal y como se demostr\u00f3 con la validaci\u00f3n de una URL espec\u00edfica en un servidor remoto con un nombre de usuario de scp, el cual es interpretado como un nombre de esquema HTTP a trav\u00e9s del manejador de protocolo del navegador web, pero este es interpretado como un nombre de usuario por WinSCP. NOTA: esto est\u00e1 relacionado con un parche incompleto para CVE-2006-3015."
    }
  ],
  "id": "CVE-2007-4909",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-09-17T17:17:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26820"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/3141"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://winscp.cvs.sourceforge.net/winscp/winscp3/core/SessionData.cpp?r1=1.29\u0026r2=1.30"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://winscp.net/eng/docs/history/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/479298/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/25655"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1018697"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36591"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26820"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/3141"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://winscp.cvs.sourceforge.net/winscp/winscp3/core/SessionData.cpp?r1=1.29\u0026r2=1.30"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://winscp.net/eng/docs/history/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/479298/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/25655"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018697"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36591"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2007-AVI-408

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été identifiée dans l'outil de transfert de données WinSCP. L'exploitation de cette dernière permettrait à une personne distante d'effectuer de forcer des transactions illégitimes à un utilisateur ayant une version de WinSCP vulnérable.

Description

Une vulnérabilité a été identifiée dans l'outil de transfert de données WinSCP. L'installation de l'application spécifie au système d'exploitation les protocoles qu'il peut manipuler : scp:// et sftp://. Une personne malveillante qui contrôlerait un serveur FTP peut forcer sa victime à effectuer des transferts de données par une adresse construite à partir de ces protocoles. Il peut s'agir d'un lien ajouté dans le champ IFRAME d'une page par exemple. Le transfert peut être dans les deux sens : chargement ou récupération de données sur le poste ayant une version de WinSCP vulnérable.

Solution

Se référer au bulletin de sécurité et installer la version 4.0.4 de WinSCP disponible sur le site du projet (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	La version 4.0.3 de WinSCP ainsi que celles antérieures.

References

Title

Publication Time

Tags

Changement de version WinSCP du 02 septembre 2007	None	vendor-advisory
Version 4.0.4 disponible sur le site du projet WinSCP :	-	other
Documentation en français de WinSCP :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "La version 4.0.3 de WinSCP ainsi que celles ant\u00e9rieures.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans l\u0027outil de transfert de donn\u00e9es\nWinSCP. L\u0027installation de l\u0027application sp\u00e9cifie au syst\u00e8me\nd\u0027exploitation les protocoles qu\u0027il peut manipuler : scp:// et sftp://.\nUne personne malveillante qui contr\u00f4lerait un serveur FTP peut forcer sa\nvictime \u00e0 effectuer des transferts de donn\u00e9es par une adresse construite\n\u00e0 partir de ces protocoles. Il peut s\u0027agir d\u0027un lien ajout\u00e9 dans le\nchamp IFRAME d\u0027une page par exemple. Le transfert peut \u00eatre dans les\ndeux sens : chargement ou r\u00e9cup\u00e9ration de donn\u00e9es sur le poste ayant une\nversion de WinSCP vuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 et installer la version 4.0.4 de\nWinSCP disponible sur le site du projet (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-4909",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4909"
    }
  ],
  "links": [
    {
      "title": "Version 4.0.4 disponible sur le site du projet WinSCP :",
      "url": "http://winscp.net/eng/download.php"
    },
    {
      "title": "Documentation en fran\u00e7ais de WinSCP :",
      "url": "http://winscp.net/eng/docs/lang:fr"
    }
  ],
  "reference": "CERTA-2007-AVI-408",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-09-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9, l\u0027int\u00e9grit\u00e9 et la disponibilit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans l\u0027outil de transfert de donn\u00e9es\nWinSCP. L\u0027exploitation de cette derni\u00e8re permettrait \u00e0 une personne\ndistante d\u0027effectuer de forcer des transactions ill\u00e9gitimes \u00e0 un\nutilisateur ayant une version de WinSCP vuln\u00e9rable.\n",
  "title": "Vuln\u00e9rabilit\u00e9 de WinSCP",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Changement de version WinSCP du 02 septembre 2007",
      "url": null
    }
  ]
}

CERTA-2007-AVI-408

Vulnerability from certfr_avis - Published: - Updated:

Description

Solution

Se référer au bulletin de sécurité et installer la version 4.0.4 de WinSCP disponible sur le site du projet (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	La version 4.0.3 de WinSCP ainsi que celles antérieures.

References

Title

Publication Time

Tags

Changement de version WinSCP du 02 septembre 2007	None	vendor-advisory
Version 4.0.4 disponible sur le site du projet WinSCP :	-	other
Documentation en français de WinSCP :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "La version 4.0.3 de WinSCP ainsi que celles ant\u00e9rieures.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans l\u0027outil de transfert de donn\u00e9es\nWinSCP. L\u0027installation de l\u0027application sp\u00e9cifie au syst\u00e8me\nd\u0027exploitation les protocoles qu\u0027il peut manipuler : scp:// et sftp://.\nUne personne malveillante qui contr\u00f4lerait un serveur FTP peut forcer sa\nvictime \u00e0 effectuer des transferts de donn\u00e9es par une adresse construite\n\u00e0 partir de ces protocoles. Il peut s\u0027agir d\u0027un lien ajout\u00e9 dans le\nchamp IFRAME d\u0027une page par exemple. Le transfert peut \u00eatre dans les\ndeux sens : chargement ou r\u00e9cup\u00e9ration de donn\u00e9es sur le poste ayant une\nversion de WinSCP vuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 et installer la version 4.0.4 de\nWinSCP disponible sur le site du projet (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-4909",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4909"
    }
  ],
  "links": [
    {
      "title": "Version 4.0.4 disponible sur le site du projet WinSCP :",
      "url": "http://winscp.net/eng/download.php"
    },
    {
      "title": "Documentation en fran\u00e7ais de WinSCP :",
      "url": "http://winscp.net/eng/docs/lang:fr"
    }
  ],
  "reference": "CERTA-2007-AVI-408",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-09-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9, l\u0027int\u00e9grit\u00e9 et la disponibilit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans l\u0027outil de transfert de donn\u00e9es\nWinSCP. L\u0027exploitation de cette derni\u00e8re permettrait \u00e0 une personne\ndistante d\u0027effectuer de forcer des transactions ill\u00e9gitimes \u00e0 un\nutilisateur ayant une version de WinSCP vuln\u00e9rable.\n",
  "title": "Vuln\u00e9rabilit\u00e9 de WinSCP",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Changement de version WinSCP du 02 septembre 2007",
      "url": null
    }
  ]
}

GSD-2007-4909

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-4909

Aliases

CVE-2007-4909

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-4909",
    "description": "Interpretation conflict in WinSCP before 4.0.4 allows remote attackers to perform arbitrary file transfers with a remote server via file-transfer commands in the final portion of a (1) scp, and possibly a (2) sftp or (3) ftp, URL, as demonstrated by a URL specifying login to the remote server with a username of scp, which is interpreted as an HTTP scheme name by the protocol handler in a web browser, but is interpreted as a username by WinSCP.  NOTE: this is related to an incomplete fix for CVE-2006-3015.",
    "id": "GSD-2007-4909"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-4909"
      ],
      "details": "Interpretation conflict in WinSCP before 4.0.4 allows remote attackers to perform arbitrary file transfers with a remote server via file-transfer commands in the final portion of a (1) scp, and possibly a (2) sftp or (3) ftp, URL, as demonstrated by a URL specifying login to the remote server with a username of scp, which is interpreted as an HTTP scheme name by the protocol handler in a web browser, but is interpreted as a username by WinSCP.  NOTE: this is related to an incomplete fix for CVE-2006-3015.",
      "id": "GSD-2007-4909",
      "modified": "2023-12-13T01:21:37.185801Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-4909",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Interpretation conflict in WinSCP before 4.0.4 allows remote attackers to perform arbitrary file transfers with a remote server via file-transfer commands in the final portion of a (1) scp, and possibly a (2) sftp or (3) ftp, URL, as demonstrated by a URL specifying login to the remote server with a username of scp, which is interpreted as an HTTP scheme name by the protocol handler in a web browser, but is interpreted as a username by WinSCP.  NOTE: this is related to an incomplete fix for CVE-2006-3015."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://winscp.cvs.sourceforge.net/winscp/winscp3/core/SessionData.cpp?r1=1.29\u0026r2=1.30",
            "refsource": "MISC",
            "url": "http://winscp.cvs.sourceforge.net/winscp/winscp3/core/SessionData.cpp?r1=1.29\u0026r2=1.30"
          },
          {
            "name": "winscp-scpsftp-command-execution(36591)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36591"
          },
          {
            "name": "3141",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/3141"
          },
          {
            "name": "25655",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/25655"
          },
          {
            "name": "http://winscp.net/eng/docs/history/",
            "refsource": "CONFIRM",
            "url": "http://winscp.net/eng/docs/history/"
          },
          {
            "name": "26820",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/26820"
          },
          {
            "name": "1018697",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1018697"
          },
          {
            "name": "20070913 WinSCP \u003c 4.04 url protocol handler flaw",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/479298/100/0/threaded"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:winscp:winscp:3.5.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:winscp:winscp:3.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:winscp:winscp:4.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:winscp:winscp:4.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:winscp:winscp:3.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:winscp:winscp:3.6.5_beta:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:winscp:winscp:2.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:winscp:winscp:3.5.5_beta:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:winscp:winscp:3.8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:winscp:winscp:3.8.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:winscp:winscp:3.6.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:winscp:winscp:3.6.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-4909"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Interpretation conflict in WinSCP before 4.0.4 allows remote attackers to perform arbitrary file transfers with a remote server via file-transfer commands in the final portion of a (1) scp, and possibly a (2) sftp or (3) ftp, URL, as demonstrated by a URL specifying login to the remote server with a username of scp, which is interpreted as an HTTP scheme name by the protocol handler in a web browser, but is interpreted as a username by WinSCP.  NOTE: this is related to an incomplete fix for CVE-2006-3015."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://winscp.cvs.sourceforge.net/winscp/winscp3/core/SessionData.cpp?r1=1.29\u0026r2=1.30",
              "refsource": "MISC",
              "tags": [],
              "url": "http://winscp.cvs.sourceforge.net/winscp/winscp3/core/SessionData.cpp?r1=1.29\u0026r2=1.30"
            },
            {
              "name": "http://winscp.net/eng/docs/history/",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://winscp.net/eng/docs/history/"
            },
            {
              "name": "25655",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/25655"
            },
            {
              "name": "26820",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/26820"
            },
            {
              "name": "1018697",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1018697"
            },
            {
              "name": "3141",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/3141"
            },
            {
              "name": "winscp-scpsftp-command-execution(36591)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36591"
            },
            {
              "name": "20070913 WinSCP \u003c 4.04 url protocol handler flaw",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/479298/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-15T21:38Z",
      "publishedDate": "2007-09-17T17:17Z"
    }
  }
}

GHSA-F8Q3-MJHV-RR2F

Vulnerability from github – Published: 2022-05-01 18:28 – Updated: 2025-04-09 03:46

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-4909"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-09-17T17:17:00Z",
    "severity": "HIGH"
  },
  "details": "Interpretation conflict in WinSCP before 4.0.4 allows remote attackers to perform arbitrary file transfers with a remote server via file-transfer commands in the final portion of a (1) scp, and possibly a (2) sftp or (3) ftp, URL, as demonstrated by a URL specifying login to the remote server with a username of scp, which is interpreted as an HTTP scheme name by the protocol handler in a web browser, but is interpreted as a username by WinSCP.  NOTE: this is related to an incomplete fix for CVE-2006-3015.",
  "id": "GHSA-f8q3-mjhv-rr2f",
  "modified": "2025-04-09T03:46:15Z",
  "published": "2022-05-01T18:28:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4909"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36591"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/26820"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/3141"
    },
    {
      "type": "WEB",
      "url": "http://winscp.cvs.sourceforge.net/winscp/winscp3/core/SessionData.cpp?r1=1.29\u0026r2=1.30"
    },
    {
      "type": "WEB",
      "url": "http://winscp.net/eng/docs/history"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/479298/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/25655"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1018697"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-4909 (GCVE-0-2007-4909)

FKIE_CVE-2007-4909

CERTA-2007-AVI-408

Description

Solution

CERTA-2007-AVI-408

Description

Solution

GSD-2007-4909

GHSA-F8Q3-MJHV-RR2F

Tags

Sightings

Nomenclature