CVE-2007-3008

Mbedthis Software Mbedthis Appweb HTTP Server - Information Disclosure

Title source: rule

Description

Mbedthis AppWeb before 2.2.2 enables the HTTP TRACE method, which has unspecified impact probably related to remote information leaks and cross-site tracing (XST) attacks, a related issue to CVE-2004-2320 and CVE-2005-3398.

References (6)

[Vendor Advisory] http://secunia.com/advisories/25636

[Various Sources] http://www.appwebserver.org/forum/viewtopic.php?t=996

[Various Sources] http://www.mbedthis.com/products/appWeb/doc/product/newFeatures.html

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/34854

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/24456

[Third Party Advisory, VDB Entry] http://www.osvdb.org/35511

Scores

EPSS 0.0085

EPSS Percentile 74.7%

Classification

CWE

CWE-79 CWE-200

Status draft

Affected Products (10)

mbedthis_software/mbedthis_appweb_http_server

Timeline

Published Jun 04, 2007

Tracked Since Feb 18, 2026