FKIE_CVE-2007-3011

Vulnerability from fkie_nvd - Published: 2007-07-05 19:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
The DBAsciiAccess CGI Script in the web interface in Fujitsu-Siemens Computers ServerView before 4.50.09 allows remote attackers to execute arbitrary commands via shell metacharacters in the Servername subparameter of the ParameterList parameter.
References
cve@mitre.orghttp://osvdb.org/37835
cve@mitre.orghttp://secunia.com/advisories/25944Patch, Vendor Advisory
cve@mitre.orghttp://securityreason.com/securityalert/2858
cve@mitre.orghttp://www.redteam-pentesting.de/advisories/rt-sa-2007-002.phpExploit, Patch, Vendor Advisory
cve@mitre.orghttp://www.securityfocus.com/archive/1/472800/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/24762Exploit, Patch
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/2441
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/35257
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/37835
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/25944Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/2858
af854a3a-2127-422b-91ae-364da2661108http://www.redteam-pentesting.de/advisories/rt-sa-2007-002.phpExploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/472800/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/24762Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/2441
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/35257
Impacted products
Vendor Product Version
fujitsu serverview 2.50
fujitsu serverview 3.60l98
fujitsu serverview 3.60l99
fujitsu serverview 4.10l11
fujitsu serverview 4.11l11b
fujitsu serverview 4.11l81
fujitsu serverview 4.30.1
fujitsu serverview 4.30.2
fujitsu serverview 4.30.3
fujitsu serverview 4.30.4
fujitsu serverview 4.30.5
fujitsu serverview 4.30.6
fujitsu serverview 4.30.7
fujitsu serverview 4.30.8
fujitsu serverview 4.30.9
fujitsu serverview 4.30.10
fujitsu serverview 4.30.11
fujitsu serverview 4.30.12
fujitsu serverview 4.30.13
fujitsu serverview 4.40.1
fujitsu serverview 4.40.2
fujitsu serverview 4.40.3
fujitsu serverview 4.40.4
fujitsu serverview 4.40.5
fujitsu serverview 4.40.6
fujitsu serverview 4.50.1
fujitsu serverview 4.50.2
fujitsu serverview 4.50.3
fujitsu serverview 4.50.4
fujitsu serverview 4.50.5
fujitsu serverview 4.50.6
fujitsu serverview 4.50.7
fujitsu serverview 4.50.8
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fujitsu:serverview:2.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "920BBD1B-D2F6-4558-9868-9FBD658109DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujitsu:serverview:3.60l98:*:*:*:*:*:*:*",
              "matchCriteriaId": "31A4D19D-E4F0-48C4-B0BF-1A72F60C1290",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujitsu:serverview:3.60l99:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A2E096-CCFD-4326-83D3-A9C7C2EA59C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujitsu:serverview:4.10l11:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B39D9EF-ADCA-4E71-BA81-E0A10D355AF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujitsu:serverview:4.11l11b:*:*:*:*:*:*:*",
              "matchCriteriaId": "540FA53F-851D-4ABE-9A2A-DC957EFED9E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujitsu:serverview:4.11l81:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD7BF954-A59D-477D-A1D3-9632DBA02501",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujitsu:serverview:4.30.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5E4BFA4-3FFC-4AD5-AC11-BE53AB1D7682",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujitsu:serverview:4.30.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACCC66C6-955E-4E7C-820E-0EA44DA55CFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujitsu:serverview:4.30.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "64612E14-63AE-48F8-AC81-8AA490ADC0B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujitsu:serverview:4.30.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0FF5C0B-B169-4D21-90DC-2F6EAC4E3CC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujitsu:serverview:4.30.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCF2C9AF-B8EC-402A-805A-1DF3E7C35F8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujitsu:serverview:4.30.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F74DD80E-F4C6-41AC-A533-6432863541C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujitsu:serverview:4.30.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "22E60543-0202-4766-9394-91F54A8630D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujitsu:serverview:4.30.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "56BA98E1-13F7-4F6D-A4C4-704831DEA8DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujitsu:serverview:4.30.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "96D847A4-0567-4051-872A-34A3041F6206",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujitsu:serverview:4.30.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE2C1181-F86B-4129-BD44-E50460F13000",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujitsu:serverview:4.30.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "982C6514-3C5A-417E-BBA2-08BF079C4B4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujitsu:serverview:4.30.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "88ADE41F-75FB-4D07-A96C-8CF6C09680CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujitsu:serverview:4.30.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB90E2CD-1DDE-401C-9D9E-7045AE7840F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujitsu:serverview:4.40.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3200DB6E-7D18-4649-8083-07521116DEB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujitsu:serverview:4.40.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "74F9255E-D9F9-4582-A7FD-2A8E7A9C9AA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujitsu:serverview:4.40.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "588FEE00-57BF-4B69-97F9-482CB0E46161",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujitsu:serverview:4.40.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8ADE70E-89E1-4A50-B2BF-1D8B1B20957D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujitsu:serverview:4.40.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "28E3A127-72CC-4CE8-BA2E-97C19829EC8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujitsu:serverview:4.40.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C1AE64C-3F1A-42DB-AE98-974FC33815FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujitsu:serverview:4.50.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EED405CC-6075-490C-BD3A-1F6F1656CE5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujitsu:serverview:4.50.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "57093BF5-0A45-408D-A99B-BA880ECD7370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujitsu:serverview:4.50.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9DFB80E-4187-4157-B863-1BCFC7A7A907",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujitsu:serverview:4.50.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "839ADDBD-CEF9-4C54-B3AC-9EAEA0FD7D25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujitsu:serverview:4.50.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C52298F0-561D-4751-B139-395027E354FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujitsu:serverview:4.50.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "89E96EE2-00DD-4170-A049-CF6389CC197F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujitsu:serverview:4.50.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4A0A4DF-4C63-4045-AEF9-C3C27264BCC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujitsu:serverview:4.50.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAFC0028-F24B-41B3-A855-FAB3C268454F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The DBAsciiAccess CGI Script in the web interface in Fujitsu-Siemens Computers ServerView before 4.50.09 allows remote attackers to execute arbitrary commands via shell metacharacters in the Servername subparameter of the ParameterList parameter."
    },
    {
      "lang": "es",
      "value": "La secuencia de comandos CGI DBAsciiAccess en el interfaz Web de Fujitsu-Siemens Computers ServerView anterior a 4.50.09 permite a atacantes remotos ejecutar comandos de su elecci\u00f3n mediante metacaracteres de consola (shell) en el subpar\u00e1metro Servername del par\u00e1metro ParameterList."
    }
  ],
  "id": "CVE-2007-3011",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-07-05T19:30:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/37835"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25944"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/2858"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redteam-pentesting.de/advisories/rt-sa-2007-002.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/472800/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/24762"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/2441"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35257"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/37835"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25944"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/2858"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redteam-pentesting.de/advisories/rt-sa-2007-002.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/472800/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/24762"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2441"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35257"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.