CVE-2007-3008

Mbedthis AppWeb - HTTP TRACE Method Enabled

Title source: llm
STIX 2.1

Description

Mbedthis AppWeb before 2.2.2 enables the HTTP TRACE method, which has unspecified impact probably related to remote information leaks and cross-site tracing (XST) attacks, a related issue to CVE-2004-2320 and CVE-2005-3398.

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/34854
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/24456
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/35511
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/25636

Scores

EPSS 0.0145
EPSS Percentile 70.4%

Details

CWE
CWE-200 CWE-79
Status published
Products (10)
mbedthis_software/mbedthis_appweb_http_server 2.0.0
mbedthis_software/mbedthis_appweb_http_server 2.0.1
mbedthis_software/mbedthis_appweb_http_server 2.0.2
mbedthis_software/mbedthis_appweb_http_server 2.0.3
mbedthis_software/mbedthis_appweb_http_server 2.0.4
mbedthis_software/mbedthis_appweb_http_server 2.0.5
mbedthis_software/mbedthis_appweb_http_server 2.1.0
mbedthis_software/mbedthis_appweb_http_server 2.1.1
mbedthis_software/mbedthis_appweb_http_server 2.2.0
mbedthis_software/mbedthis_appweb_http_server 2.2.1
Published Jun 04, 2007
Tracked Since Feb 18, 2026