CVE-2007-2479

CVSS V2 High 7.1 CVSS V3 Medium 5.9
Description
Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to obtain potentially sensitive information via long CTCP PING messages that contain UTF-8 characters, which generates a malformed response that is not truncated by a newline, which can cause portions of a server message to be sent to the attacker.
Overview
  • CVE ID
  • CVE-2007-2479
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Modified
  • Published Version
  • 2007-05-03T00:19:00
  • Last Modified Date
  • 2017-07-29T01:31:29
Weakness Enumerations
CWE URL
CWE-200 http://cwe.mitre.org/data/definitions/200.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:cerulean_studios:trillian:3.1:*:*:*:basic:*:*:* 1 OR
cpe:2.3:a:cerulean_studios:trillian:3.1:*:*:*:pro:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:N/C:C/I:N/A:N
  • Access Vector
  • NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • NONE
  • Confidentiality Impact
  • COMPLETE
  • Integrity Impact
  • NONE
  • Availability Impact
  • NONE
  • Base Score
  • 7.1
  • Severity
  • HIGH
  • Exploitability Score
  • 8.6
  • Impact Score
  • 6.9
CVSS Version 3
  • Version
  • 3.0
  • Vector String
  • CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Attack Vector
  • NETWORK
  • Attack Compatibility
  • HIGH
  • Privileges Required
  • NONE
  • User Interaction
  • NONE
  • Scope
  • UNCHANGED
  • Confidentiality Impact
  • HIGH
  • Availability Impact
  • NONE
  • Base Score
  • 5.9
  • Base Severity
  • MEDIUM
  • Exploitability Score
  • 2.2
  • Impact Score
  • 3.6
References
Reference URL Reference Tags
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=522 Broken Link
http://blog.ceruleanstudios.com/?p=131 Broken Link
http://www.securityfocus.com/bid/23730 Third Party Advisory
http://www.securitytracker.com/id?1017982 Third Party Advisory
http://secunia.com/advisories/25086 Third Party Advisory
http://www.vupen.com/english/advisories/2007/1596 Broken Link
http://osvdb.org/35722 Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/33983
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2007-2479
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2479
History
Created Old Value New Value Data Type Notes
2022-05-10 09:14:14 Added to TrackCVE