Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2007-0044 | First vendor Publication | 2007-01-03 |
Vendor | Cve | Last vendor Modification | 2018-10-16 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka "Universal CSRF and session riding." |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0044 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-352 | Cross-Site Request Forgery (CSRF) (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10042 | |||
Oval ID: | oval:org.mitre.oval:def:10042 | ||
Title: | Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka "Universal CSRF and session riding." | ||
Description: | Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka "Universal CSRF and session riding." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-0044 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux Extras 3 Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-10-10 | Name : SLES9: Security update for acroread File : nvt/sles9p5018489.nasl |
2009-01-28 | Name : SuSE Update for acroread SUSE-SA:2007:011 File : nvt/gb_suse_2007_011.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200701-16 (acroread) File : nvt/glsa_200701_16.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
31047 | Adobe Acrobat Reader Browser Plug-in PDF CSRF |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_11433.nasl - Type : ACT_GATHER_INFO |
2009-08-28 | Name : The version of Adobe Acrobat on the remote Windows host is affected by multip... File : adobe_acrobat_709.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0144.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_acroread-2508.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_acroread_ja-2545.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_acroread-2506.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2007_011.nasl - Type : ACT_GATHER_INFO |
2007-01-26 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200701-16.nasl - Type : ACT_GATHER_INFO |
2007-01-10 | Name : The PDF file viewer on the remote Windows host is affected by several vulnera... File : adobe_reader_709.nasl - Type : ACT_GATHER_INFO |
2007-01-05 | Name : The browser plugin on the remote Windows host is affected by multiple issues. File : adobe_pdf_plugin_80.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2022-10-19 01:04:35 |
|
2021-05-04 12:05:11 |
|
2021-04-22 01:05:44 |
|
2020-05-23 01:37:38 |
|
2020-05-23 00:19:03 |
|
2018-12-04 12:02:06 |
|
2018-10-16 21:19:45 |
|
2017-11-09 12:02:16 |
|
2017-10-11 09:23:49 |
|
2017-07-29 12:01:55 |
|
2016-04-26 15:35:31 |
|
2014-02-17 10:38:29 |
|
2013-05-11 00:39:49 |
|